Page 1 of 12 123456789101112 LastLast
Results 1 to 30 of 358

Thread: WoW Security issues

  1. #1
    How To Go
    Join Date
    Sep 2004
    Location
    Pasadena, Ca
    Posts
    11,328

    WoW Security issues

    Apparently there is now an epidemic of hacked WoW accounts. On both the Tech Support and Customer Support WoW forums, there are many requests for help. What's happening is that accounts get hacked, they don't have an authenticator, and the hacker puts an authenticator on their account so that they can no longer access it. Then as usual the account gets banned for gold selling.

    A couple of recurring themes I saw as I was perusing the messages. 1. Do not use the same password for your WoW account that you use for other places particularly guildlaunch. 2. Do not use google to find the correct website for the Armory because some of the links found will be phishing sites. If you aren't sure about the website for the Armory, go to worldofwarcraft.com and navigate to it there. Just so you know, it's wowarmory.com.

    Please please don't think that if you don't go to 'those' sites you won't be hacked. Adobe products are attacked on what appears to be a daily basis, so if you go nearly anywhere on the web or read pdf's, you could now have a keylogger. Use a reliable anti-spyware, anti-malware product. I use Microsoft Security Essentials but there are others out there.

    And naturally get an authenticator if you care about your account.

  2. #2
    New Romantic
    Join Date
    Jul 2005
    Location
    Calgary
    Posts
    9,981
    That happened to one of my guildmates recently, with an authenticator being put on the account after it was hacked. I'm guessing it's to slow down the recovery of the account, giving the hackers more time to loot it dry.

    (Ironically enough, after a rash of hacked accounts and guild bank lootings, we'd put in place a policy that you only get promoted to a level with guild bank access if you can prove you have an authenticator by showing the core hound pet. And then this person goes and gets hacked and loots our bank and it turns out they don't have an authenticator, but they got promoted anyway because they happened to be...'close'...to a guild officer...)

  3. #3
    How To Go
    Join Date
    Nov 2006
    Posts
    14,135
    [tinfoilhat]

    Blizzard is hacking the accounts from their servers to sell more authenticators!

    [/tinfoilhat]

    Of course, support costs for hacked accounts make that unlikely... but you never know!

  4. #4
    Neo Acoustic
    Join Date
    Oct 2008
    Location
    The Netherlands
    Posts
    1,649
    And don't click on any of those fake e-mails that I've been getting from "blizzard" since a couple of weeks or even months...

  5. #5
    New Romantic RickH's Avatar
    Join Date
    Jun 2004
    Location
    Dallas, TX XBL/PSN/Steam: tenjackten
    Posts
    9,365
    . . . or react an in-game tell from someone with an official-sounding name urging you to log onto a website.

  6. #6
    Account closed Social Worker
    Join Date
    Oct 2008
    Location
    oakland
    Posts
    3,996
    I am anxious about buying an authenticator, because I'm worried that I will lose it or switch phones and get locked out. How much of a pain in the ass is it if something like that happens?

  7. #7
    New Romantic RickH's Avatar
    Join Date
    Jun 2004
    Location
    Dallas, TX XBL/PSN/Steam: tenjackten
    Posts
    9,365
    Quote Originally Posted by frank austin View Post
    I am anxious about buying an authenticator, because I'm worried that I will lose it or switch phones and get locked out. How much of a pain in the ass is it if something like that happens?
    My understanding is that you should immediately write down the serial number of the authenticator so you can remove it from your WoW account if necessary.

  8. #8
    How To Go
    Join Date
    May 2005
    Location
    Glendale, CA
    Posts
    10,826
    It can be a bit of a pain. You have to fill out a form and fax it along with a copy of your ID. Takes a few days to get resolved.

  9. #9
    Social Worker
    Join Date
    Jun 2007
    Posts
    4,287
    The itunes and Android versions are free. I highly doubt Blizz is happy about the resource drain resulting from hacked accounts.

  10. #10
    How To Go
    Join Date
    May 2005
    Location
    Glendale, CA
    Posts
    10,826
    Quote Originally Posted by RickH View Post
    My understanding is that you should immediately write down the serial number of the authenticator so you can remove it from your WoW account if necessary.
    Or this yes. If you don't do that then it's a real pain.

  11. #11
    New Romantic charmtrap's Avatar
    Join Date
    Oct 2002
    Location
    NorCal
    Posts
    7,341
    Quote Originally Posted by RickH View Post
    . . . or react an in-game tell from someone with an official-sounding name urging you to log onto a website.
    ...and stop buying gold, goddamnit. You're feeding these assholes.

  12. #12
    Broad Band
    Join Date
    Jun 2009
    Location
    Montreal
    Posts
    225
    Happened to me back in October. My WoW account got hacked about a month after I canceled my subscription, but I still had a few weeks of paid time before it ran out. The hacker attached an authenticator too.

    Blizzard was pretty good about the situation, and everything was back to normal within a couple weeks. I wouldn't have cared so much if I hadn't just linked WoW to my Bnet account.

    I didn't pay anything for the authenticator since it's on my iPhone, but it's pretty annoying having to enter an extra code every time I want to log into the SC2 beta.

  13. #13
    Social Worker
    Join Date
    Oct 2008
    Location
    Annapolis, Maryland
    Posts
    2,887
    This happened to me sadly. I hadn't even had an active account since January, it was a message on facebook from a guildy of mine that let me know. Was a pain to get the authenticator removed, but over the course of a week I managed to get it all taken care of, and bought an authenticator of my own.

    Not sure if/when i'll go back to WoW, but at least customer service said they should be able to replace most of my stuff, even after all this time. I was more worried about losing my Diablo 2 and Warcraft 3 keys I had attached to the Battle.net account.

  14. #14
    Social Worker
    Join Date
    Jun 2006
    Posts
    4,930
    Is there really more of an epidemic now than in the past? These things seem to come in waves. We haven't had many people hacked recently that I'm aware of, but one guy said his account was hacked into repeatedly over the course of a week, and is planning to quit WoW now. You'd think he'd do a virus scan or something, but yeah...

  15. #15
    Social Worker
    Join Date
    Jul 2008
    Location
    Canada EH
    Posts
    3,611
    Quote Originally Posted by AndrewM View Post
    Is there really more of an epidemic now than in the past? These things seem to come in waves. We haven't had many people hacked recently that I'm aware of, but one guy said his account was hacked into repeatedly over the course of a week, and is planning to quit WoW now. You'd think he'd do a virus scan or something, but yeah...

    Does he even have antivirus software? I've met more than a few semi tech savy people who refuse to get any because they think their browsing habits are safe.

  16. #16
    Social Worker
    Join Date
    Jun 2006
    Posts
    4,930
    Quote Originally Posted by Morberis View Post
    Does he even have antivirus software? I've met more than a few semi tech savy people who refuse to get any because they think their browsing habits are safe.
    Yeah, we told him to do a scan. I don't know if he took us up on the advice or not.

  17. #17
    Broad Band
    Join Date
    Dec 2006
    Location
    Austin, TX
    Posts
    227
    I had my account nabbed a few months ago, despite not having played WoW for years. By the time I got the authenticator removed and added my own, I discovered that whoever got into it activated a WoLK trial to do who knows what with my account.

  18. #18
    Social Worker
    Join Date
    Sep 2003
    Location
    Celebration, FL
    Posts
    3,607
    I took a look at my Gmail spam folder the other day (I occasionally drop in there to see if it's misidentifying anything). It turns out I'm getting at least 2 WoW phishing emails a day. I've used that email address on my guild's website, and when I registered for Wow.com and Curse.com. I, of course, use it for other things, but those are the only WoW related things.

    So, either the email address was exposed somewhere on the guild site (which is unlikely, as Athryn and Loup keep that nailed down pretty tightly) or one of the other sites has some 'splaining to do. I'm betting on the latter.

  19. #19
    Social Worker
    Join Date
    Feb 2008
    Location
    Boston
    Posts
    3,059
    Quote Originally Posted by Demolira View Post
    I had my account nabbed a few months ago, despite not having played WoW for years. By the time I got the authenticator removed and added my own, I discovered that whoever got into it activated a WoLK trial to do who knows what with my account.
    Same thing happened to me about a year ago. I assumed it was some guy I knew who didn't like me and was trying to be a dick.

    Whoever it was took my character and put it in a guild called "ICritOnYourPizza" and activated a LK trial and started leveling up. Odd behavior; there wasn't really anything on the character to steal. Why would a gold farmer steal a character like that and begin leveling it up?

  20. #20
    Mad Chester
    Join Date
    Jan 2007
    Location
    Louisiana
    Posts
    1,128
    My brother's account was stolen while it was inactive. The new owner added both expansions and got a DK up to level 80. My brother then got the account back, and was happy it happened.

  21. #21
    Account closed How To Go
    Join Date
    Sep 2006
    Posts
    10,012
    Quote Originally Posted by mystery View Post
    I took a look at my Gmail spam folder the other day (I occasionally drop in there to see if it's misidentifying anything). It turns out I'm getting at least 2 WoW phishing emails a day. I've used that email address on my guild's website, and when I registered for Wow.com and Curse.com. I, of course, use it for other things, but those are the only WoW related things.

    So, either the email address was exposed somewhere on the guild site (which is unlikely, as Athryn and Loup keep that nailed down pretty tightly) or one of the other sites has some 'splaining to do. I'm betting on the latter.

    Or spammers just spam everyone. But it's entirely possible that someone on wow.com / curse.com has some 'splaining to do. This is why we need capabilities-based email systems.

  22. #22
    Social Worker
    Join Date
    Jun 2006
    Posts
    4,930
    Quote Originally Posted by Wallapuctus View Post
    Why would a gold farmer steal a character like that and begin leveling it up?
    Botted farming of herbs and minerals, I assume. It may eventually get banned, so they wouldn't want it to be on an account they paid for.

  23. #23
    Mad Chester
    Join Date
    Dec 2003
    Posts
    1,375
    Spammers just spam everyone, because I never use the email I use for my WoW account anywhere else other than with some close friends and anything that is work related. I've gotten a about 2 or 3 phishing emails to it that have made it through the spam filters in the past 5 years.

  24. #24
    Social Worker Harkonis's Avatar
    Join Date
    Nov 2006
    Posts
    4,236
    Quote Originally Posted by Demolira View Post
    I had my account nabbed a few months ago, despite not having played WoW for years. By the time I got the authenticator removed and added my own, I discovered that whoever got into it activated a WoLK trial to do who knows what with my account.

    I had this happen to me, they sold all my gear and changed my professions to mining and herbs. I hadn't played in almost two years. I noticed my password didn't work, did password recovery and logged on and noticed all the changes. I contacted Blizzard and told them what happened and a few days later they returned all my stuff to me.

    Then comes the part that pissed me off... I logged on and started playing again and was debating restarting the subscription. I log on and then get logged off and it tells me my account is banned since I had two people using it. Well no shit, that's why I had called, since someone else had been using it. They didn't fix the ban and by the time it wore off my trial had expired so they don't get my money.

  25. #25
    World's End Supernova
    Join Date
    Jun 2002
    Location
    Seattle, WA
    Posts
    34,143
    To the people who've gotten accounts stolen: how strong were you passwords?

  26. #26
    Social Worker
    Join Date
    Sep 2003
    Location
    Celebration, FL
    Posts
    3,607
    Quote Originally Posted by AaronSofaer View Post
    Or spammers just spam everyone. But it's entirely possible that someone on wow.com / curse.com has some 'splaining to do. This is why we need capabilities-based email systems.
    Of course spammers spam everyone, but they would rarely send out WoW-specific phising emails to a general list, as a matter of efficiency. I don't get the same WoW phishing emails at any of my other email addresses, and at this one, I get 2-3 per day. Not 2-3 in the last five years.

  27. #27
    How To Go
    Join Date
    Sep 2004
    Location
    Pasadena, Ca
    Posts
    11,328
    Quote Originally Posted by Jason McCullough View Post
    To the people who've gotten accounts stolen: how strong were you passwords?
    Keep in mind it doesn't matter with keyloggers, which apparently are far more popular than trying to brute force passwords. Brute forcing passwords takes actual knowledge and software, while phishing sites, installing trojans, etc means you can just look up this stuff on google and be good to go.

    My password on WoW is not very strong but I use an authenticator, meaning even if they guess my password (which is unique to WoW) they still can't get in.

  28. #28
    Social Worker
    Join Date
    May 2006
    Location
    In the Mancave, oblivious to the horrors of the real world!
    Posts
    4,197
    Authenticators are so cheap that I don't see why people don't get one. Yeah, having to enter two "passwords" to log in is a bit of a pain, but it makes your account 100x more secure. Seems like the trade off is worth it.

  29. #29
    Social Worker
    Join Date
    Jun 2006
    Posts
    4,930
    Quote Originally Posted by Charlatan View Post
    Authenticators are so cheap that I don't see why people don't get one. Yeah, having to enter two "passwords" to log in is a bit of a pain, but it makes your account 100x more secure. Seems like the trade off is worth it.
    I'm going to wait until I get hacked to purchase one.

  30. #30
    New Romantic
    Join Date
    Jul 2008
    Posts
    8,502
    Quote Originally Posted by AndrewM View Post
    I'm going to wait until I get hacked to purchase one.
    Don't worry, if you do get hacked, the hackers will surely purchase one for you.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •