Author Topic: My WoW-account's been compromised  (Read 113941 times)
Ingmar
Terracotta Army
Posts: 19280

Auto Assault Affectionado


Reply #35 on: January 13, 2010, 03:35:19 PM

The account management login doesn't actually use the authenticator - just the in-game login.

Never mind, I'm wrong, I was thinking of the armory login.

The Transcendent One: AH... THE ROGUE CONSTRUCT.
Nordom: Sense of closure: imminent.
Kageh
Terracotta Army
Posts: 359


Reply #36 on: January 14, 2010, 02:10:01 AM

Can you delink the authenticator once you're in account management? Their script could log in there (using your authenticator), delink you, change your password, then log in to the game.

Yes, but unlinking requires two consecutive (unused) tokens from the currently active authenticator. I did that when switching from the physical authenticator to the iPhone version, because you can't have both.
Koyasha
Terracotta Army
Posts: 1363


Reply #37 on: March 13, 2010, 11:01:33 AM

Odd story here.  Somehow someone got the account names and passwords for all three of my old WoW accounts, all of which have been inactive since at least last year.  Last night I get an email on my G1, telling me my passwords have been changed.  I find that very odd, come home and check, and sure enough, my accounts have been merged with a battle.net account (something I never did, since I stopped playing before that became mandatory).  However, most curiously, the email is missing when I check it on my computer.  Can't find it on my phone again, either.  So is every single email in my gmail box related to 'blizzard' or 'warcraft'.  All of them gone.  But...gmail's recent activity data shows no unusual ip addresses having accessed the account.  All recent accesses have been from either my computer, or my phone.

Whoever it is apparently pays for one of my accounts, and plays some - I've even got a few new pieces of loot, according to the armory, and another friend that still plays tells me they were running dungeons.

I fire off a couple emails to blizzard and this morning I call them, and they quickly set things right - even for the account that was actually an old friend's account, which she gave to me years ago when she quit playing.  Now I'm reinstalling wow to make sure everything is right.

One amusing thing is that they didn't pay by game card or by paying for one month then immediately cancelling - as far as I can tell, my account will recur billing to their credit card next month, unless they call their credit card provider and tell them to deny payment.

However what most baffles and concerns me is how my account was compromised in the first place.  Since I haven't played WoW since last year, I can't see myself being keylogged.  And the blizzard/warcraft emails missing from my gmail are very odd.  I've changed most passwords I can think of, but I have no clue how anyone got them in the first place.

-Do you honestly think that we believe ourselves evil? My friend, we seek only good. It's just that our definitions don't quite match.-
Ailanreanter, Arcanaloth
Rasix
Moderator
Posts: 15024

I am the harbinger of your doom!


Reply #38 on: March 13, 2010, 12:49:13 PM

That is really odd. 

I've been getting a ton of phishing emails and even in-game phishing attempts.  Someone really wants my account. Heh.

-Rasix
Sheepherder
Terracotta Army
Posts: 5192


Reply #39 on: March 13, 2010, 02:09:20 PM

However, most curiously, the email is missing when I check it on my computer.  Can't find it on my phone again, either.  So is every single email in my gmail box related to 'blizzard' or 'warcraft'.  All of them gone.  But...gmail's recent activity data shows no unusual ip addresses having accessed the account.  All recent accesses have been from either my computer, or my phone.

Is your computer / phone zombied?
Kail
Terracotta Army
Posts: 2858


Reply #40 on: March 13, 2010, 02:13:45 PM

Since I haven't played WoW since last year, I can't see myself being keylogged.  And the blizzard/warcraft emails missing from my gmail are very odd.  I've changed most passwords I can think of, but I have no clue how anyone got them in the first place.

I'd assume your e-mail is compromised.  If I had to guess, I'd say someone cracked your e-mail account, maybe found an old e-mail with the login in it, sent in an "oops, I forgot my password, please e-mail it to me" request, and then changed your stuff.  Though I don't know why it wouldn't show that in your e-mail's recent activity log... That's highly worrying.  Hope it works out for you!
Koyasha
Terracotta Army
Posts: 1363


Reply #41 on: March 13, 2010, 02:54:16 PM


Is your computer / phone zombied?
Don't think so.  Not certain, but after antivirus and malware scans I'm turning up empty.  The access times on that log also corresponded correctly with when I accessed gmail.

I'd assume your e-mail is compromised.  If I had to guess, I'd say someone cracked your e-mail account, maybe found an old e-mail with the login in it, sent in an "oops, I forgot my password, please e-mail it to me" request, and then changed your stuff.  Though I don't know why it wouldn't show that in your e-mail's recent activity log... That's highly worrying.  Hope it works out for you!
That's pretty much what I suspect, so I've changed passwords on most things, but it does still concern me in general.  However, since getting the account back I've had no further oddities, so hopefully it's resolved for good.  Although I might decide to do a clean hard drive wipe just to make sure I catch anything that none of my scans have found.

-Do you honestly think that we believe ourselves evil? My friend, we seek only good. It's just that our definitions don't quite match.-
Ailanreanter, Arcanaloth
Lantyssa
Terracotta Army
Posts: 20848


Reply #42 on: March 13, 2010, 03:00:39 PM

Don't think so.  Not certain, but after antivirus and malware scans I'm turning up empty.  The access times on that log also corresponded correctly with when I accessed gmail.
New anti-virus, or pre-existing?  If those are compromised, they'll give you false negatives.  Try malwarebytes if it's not one of your regulars.

What e-mail did they merge accounts to?  One of their own or yours?  If yours, then they almost definitely have access to either your phone or computer.

Hahahaha!  I'm really good at this!
Koyasha
Terracotta Army
Posts: 1363


Reply #43 on: March 13, 2010, 03:05:08 PM

Thanks for the suggestions, I'll try that one.  And not my b.net account, and the guy I talked to on the phone couldn't give me any other details basically.

-Do you honestly think that we believe ourselves evil? My friend, we seek only good. It's just that our definitions don't quite match.-
Ailanreanter, Arcanaloth
Oban
Terracotta Army
Posts: 4662


Reply #44 on: March 13, 2010, 03:31:47 PM

Have you installed any interesting applications on your Android phone? 

Palin 2012 : Let's go out with a bang!
Koyasha
Terracotta Army
Posts: 1363


Reply #45 on: March 13, 2010, 03:37:38 PM

Nope, nothing that seemed questionable at all.  Not even anything that's rated below 3 stars.  And I haven't made any changes to it recently, either.

-Do you honestly think that we believe ourselves evil? My friend, we seek only good. It's just that our definitions don't quite match.-
Ailanreanter, Arcanaloth
Xanthippe
Terracotta Army
Posts: 4779


Reply #46 on: March 16, 2010, 09:02:24 AM

This probably isn't the place for this, but I'll forge ahead anyway.

I've noticed lately mining nodes disappearing from under me.  Apparently there's some invisible speed hack/underground hack or something that farmers are using to mine from beneath (at least that's what googling turns up).  Yesterday I reported some guy for that but noticed he was still on in the same zone for hours, while my ticket sat with no response.  The guy was a level 80 with honor gear, so possibly a stolen account or just a dumbass. 

At any rate, is this a common thing?  I've just started gathering again, after a year of nothing but buying mats off the AH.
Nebu
Terracotta Army
Posts: 17613


Reply #47 on: March 16, 2010, 09:08:32 AM

At any rate, is this a common thing?  I've just started gathering again, after a year of nothing but buying mats off the AH.

I've noted this in a thread or two as well.

It is common, particularly in Sholazar.  Blizzard seems to be working on it.  Use your log to see who is doing it and report them.

"Always do what is right. It will gratify half of mankind and astound the other."

-  Mark Twain
Fordel
Terracotta Army
Posts: 8306


Reply #48 on: March 16, 2010, 11:02:30 AM

It's been happening for years now. Just report them.


Blizzard doesn't ban them right away, but rather collects information on them to find the source destination then breaks the whole operation. It's like a drug bust!

and the gate is like I TOO AM CAPABLE OF SPEECH
sickrubik
Terracotta Army
Posts: 2967


Reply #49 on: March 16, 2010, 11:11:47 AM

When will Blizzard's failed war on criminalizing Frost Lotus end?

beer geek.
Lantyssa
Terracotta Army
Posts: 20848


Reply #50 on: March 16, 2010, 01:36:23 PM

They don't criminalize Frost Lotus, they criminalize the gathering thereof.

Hahahaha!  I'm really good at this!
Sheepherder
Terracotta Army
Posts: 5192


Reply #51 on: March 16, 2010, 11:13:07 PM

I remember before TBC there was this huge official forum salty tears of rage fest over Blizzard banning something like a few thousand accounts in one shot.
Xanthippe
Terracotta Army
Posts: 4779


Reply #52 on: March 17, 2010, 11:18:38 AM

The guy I reported a few days ago is still on, and has been, same zone, every time I've checked.  My ticket is still open.
bhodi
Moderator
Posts: 6817

No lie.


Reply #53 on: March 17, 2010, 11:25:37 AM

The guy I reported a few days ago is still on, and has been, same zone, every time I've checked.  My ticket is still open.
Often, they will track the person and who he transfers things (and the money gained) to, in order to root out other accounts.
Xanthippe
Terracotta Army
Posts: 4779


Reply #54 on: March 17, 2010, 12:07:32 PM

It will annoy me if I have some other problem to open a ticket on. 
Musashi
Terracotta Army
Posts: 1692


Reply #55 on: March 20, 2010, 10:53:17 AM

They probably want to give you a satisfactory reply, but know it will take a few more days to completely root out his terror network.

AKA Gyoza
Xanthippe
Terracotta Army
Posts: 4779


Reply #56 on: March 20, 2010, 04:21:15 PM

They gave me the standard "thanks for reporting but we can't tell you anything else."

I wish they wouldn't use open tickets to remind them to take care of it, or allow more than one open ticket.
Musashi
Terracotta Army
Posts: 1692


Reply #57 on: March 20, 2010, 04:34:29 PM

Is dude still on?

AKA Gyoza
Xanthippe
Terracotta Army
Posts: 4779


Reply #58 on: March 21, 2010, 09:54:27 AM

No, when they responded to my ticket, he was gone.  I don't know if he's banned or not.  Looking at his armory, he could have had his account stolen and used for bot mining.

And I've noticed the price of saronite has risen and the supply has dropped.  I bet one bot miner hacking underground 24/7 could supply a great deal of ore.
Evildrider
Terracotta Army
Posts: 5521


Reply #59 on: March 21, 2010, 01:07:01 PM

No, when they responded to my ticket, he was gone.  I don't know if he's banned or not.  Looking at his armory, he could have had his account stolen and used for bot mining.

And I've noticed the price of saronite has risen and the supply has dropped.  I bet one bot miner hacking underground 24/7 could supply a great deal of ore.

Most likely.. some nights when I'm really bored I'll harvest ore for like 3 hours.  In that time I can usually get around 600-800 Saronite ore, 40-50 titanium ore, and random gems.
Musashi
Terracotta Army
Posts: 1692


Reply #60 on: March 21, 2010, 04:16:25 PM

No, when they responded to my ticket, he was gone.  I don't know if he's banned or not.  Looking at his armory, he could have had his account stolen and used for bot mining.

And I've noticed the price of saronite has risen and the supply has dropped.  I bet one bot miner hacking underground 24/7 could supply a great deal of ore.

Easily.  He's either returned to his former owner, in limbo until said owner comes forward, or nuked from orbit.

AKA Gyoza
Fordel
Terracotta Army
Posts: 8306


Reply #61 on: March 21, 2010, 06:12:27 PM

I hope the Cata expansion box comes with an Authenticator.

and the gate is like I TOO AM CAPABLE OF SPEECH
Selby
Terracotta Army
Posts: 2963


Reply #62 on: March 21, 2010, 09:58:35 PM

I hope the Cata expansion box comes with an Authenticator.
Yeah.  A guildmate got hacked the other day and was complaining about how they put an authenticator on it.  We were all "WTF?  You didn't already have one???"
Merusk
Terracotta Army
Posts: 27449

Badge Whore


Reply #63 on: March 22, 2010, 03:36:35 AM

My guild's had 3 in the last month, including one guy who knew the method to get around guild bank tab limits. We keep telling people before raids "buy a damn authenticator" but some simply don't want to listen.  Then the GL doesn't want to listen to reason and restrict access to only those who have them.  Ohhhhh, I see.

I continue to be a dick and maintain that the folks getting hacked are buying gold or visiting gold-farmer-owned websites.

The past cannot be changed. The future is yet within your power.
Rasix
Moderator
Posts: 15024

I am the harbinger of your doom!


Reply #64 on: March 22, 2010, 07:09:12 AM

I continue to be a dick and maintain that the folks getting hacked are buying gold or visiting gold-farmer-owned websites.

Or ones dumb enough to click on fake account management emails from phishers.

-Rasix
Xuri
Terracotta Army
Posts: 1199

몇살이세욬ㅋ 몇살이 몇살 몇살이세욬ㅋ!!!!!1!


Reply #65 on: March 22, 2010, 07:49:36 AM

I did neither of those things and still got hacked, somehow (no trojans, viruses or other backdoors found after the incident or since).

In other news, I got an e-mail yesterday from Aion account management (no mention of NCSoft anywhere in the mail). They claimed someone had made changes to my Aion-account and wanted me to log into a website that included the non-word "accoumt" in its name, to make sure everything was ok.  Ohhhhh, I see.

-= Ho Eyo He Hum =-
Minvaren
Terracotta Army
Posts: 1676


Reply #66 on: March 22, 2010, 08:17:50 AM

They also seem to be trying username/password combos found from forum software.  I had my ebay account hacked once via this method, but my email and Paypal accounts had different passwords - saved me a whole lotta grief there.

I also got a tell in-game yesterday from some d00d saying that my account would be disabled immediately if I didn't go to blizz-wow-update.com/giveusyourpassword.html or something like that.  As if the gold spammers weren't enough...

"There are many things of which a wise man might wish to remain ignorant." - Ralph Waldo Emerson
Ingmar
Terracotta Army
Posts: 19280

Auto Assault Affectionado


Reply #67 on: March 22, 2010, 11:32:45 AM

My guild's had 3 in the last month, including one guy who knew the method to get around guild bank tab limits. We keep telling people before raids "buy a damn authenticator" but some simply don't want to listen.  Then the GL doesn't want to listen to reason and restrict access to only those who have them.  Ohhhhh, I see.

I continue to be a dick and maintain that the folks getting hacked are buying gold or visiting gold-farmer-owned websites.

If it happens to us again I will be putting that rule in place, they're on their last strike.

The Transcendent One: AH... THE ROGUE CONSTRUCT.
Nordom: Sense of closure: imminent.
SurfD
Terracotta Army
Posts: 4035


Reply #68 on: March 22, 2010, 03:14:08 PM

My guild's had 3 in the last month, including one guy who knew the method to get around guild bank tab limits.
Hmm?  Is this something that gets you more bank tabs than you should have? Or lets you access tabs you shouldn't be able to?

Darwinism is the Gateway Science.
Ingmar
Terracotta Army
Posts: 19280

Auto Assault Affectionado


Reply #69 on: March 22, 2010, 03:34:04 PM

My guild's had 3 in the last month, including one guy who knew the method to get around guild bank tab limits.
Hmm?  Is this something that gets you more bank tabs than you should have? Or lets you access tabs you shouldn't be able to?

Neither, it lets you take more things out of a given tab in a given day than the permissions for your rank allow.

The Transcendent One: AH... THE ROGUE CONSTRUCT.
Nordom: Sense of closure: imminent.