Actually I never expected a post of this quality so kudos to you Ok starting from first question. I'm on EU.
Anyhow all these things you mentioned (router bla bla bla) are all CHANGED and setup for ultimate security. Even my network isn't something like 192.168.x.x cause of how all routers are that and it's a violator's first guess if you wanna hack into some router. Wi-fi disabled, bla bla bla don't wanna get into details I know what you mean and it's already done.
Anyhow none of my friends that play WoW live in the same country and they don't even know my username (i use a completely different one and got a special email setup for this account from my ISP used for WoW alone to maximize security). I did this since I was really into the game and serious about it so I wanted maximum security for what I was spending so much time on. In fact if I had any loose ends I'd just shut up about it. However my system, my accounts and everything here is setup as it should be as safe as possible. I'm pretty sure it's quite safe (unless really someone needs to get to me then everythin is possible) but from random attacks I'm pretty bulletproof. I might seem certain about this but I am since I myself built several gaming centers in different countries and the oldest one is operating for the 7th year now and never had -1- similar situation (keep in mind that more than 200 people visit it a day and play MMORPGs and no one ever complained abt something going wrong).
The reason it is so strange about my accounts is that, the one that got hacked ONLY had my lvl 70 hunter which I'm raiding and some level 13 warlock toon which was also stripped naked (yay someone earned around 50s with this one!). However the other accounts were, in my opinion more valuable! One actually has 2 level 70s (rogue and druid) that I help my mate get them PvP specced so they are both like 2 gladiators and 2 merciless and stacks of heavy knothide leather and ore since its what he does for income on his characters. This account also had a lvl 49 twinked mage!
Now the 3rd account belonging to my GF that quit the game 2 months ago has a Karazhan geared resto shaman and a bank full of herbs and pots/flasks! (No before you say smthn we are still together no reason for her to get back at me )
The funny thing is out of 3 accounts, my own was the safest. No one knew about its details, I never shared it with someone bla bla The other two at least me and someone else knew about them yet they are still safe and their passes remain unchanged.
In conclusion, if you were to STEAL my character, you'd go for the tier5 hunter. If you were to make money out of me you'd go for the other accounts... That's what makes it even weirder.
I also wanted to mention that I just checked out my other MMO accounts. Yes Lotro is untouched (got lifetime membership at it won it somewhere), Guild wars is also untouched the rest I can't be bothered since you can't login unless you renew them :P
From where I'm standing the game is too much of a fuss to get back on track unless I get fully restored. I still await for any kind of response in game or via email from Blizzard
Thanks, sometimes I can get carried away with words and such (I won't make this long, I promise). So yeah, you're on EU, well I can't say anything about how Blizzard runs their service there, I was only on US. And I see you are well knowledgeable in your security area, and how things work, that's good. I'm just really stumped on this mystery with your account, and how it magically became hacked. If the password on your main account is really hard to guess at (For example: A-z 0-9), then I cannot see how someone would just pick out your account name and have at it. The only way I could see that happening is someone that already knows your account name. You are sure you didn't reveal it to anyone? Not trying to talk down to you or anything, just trying to figure everything out. I don't think a hacker would just break in, and pick your name out, it doesn't seem likely. There are tons of accounts for WoW with the letter "M," I highly doubt a hacker came in and said; "HEY! I'll pick this one here." I'd say, anyone smart would start from the top and go to the bottom.
Again, keep in mind there are tons of "M" names. I'm sure on an estimate of 5,000-10,000 or more. To break it down, your account name was obtained, as well as your password somehow. It is probably a 1/9000000 chance your name was just "picked" out of a list. I know you said your friends are in other countries, but how well do you know them? The person that hacked into your account, has to know your account username/password, or just the username and went on to figure out the password. Now, I don't think I ever heard of a WoW account being hacked out of nowhere. The reason that was usually given is: "Account name/Password was given to a friend or family member, and he/she deleted or took items, etc.", "Account name/Password was given to a non-trustable powerleveling service (blizzard usually bans these accounts now)", "User was trying to sell his/her account, and someone stole the account from scamming", "I was drunk, and deleted everything, not remembering it happened." Don't take that last one seriously, but sadly, I've heard of WoW players doing such a thing. Not saying you did that however.
Oh, yeah, I said it wasn't going to be long this time. I am really stumped on your situation. I do hope Blizzard fixes you, and you hopefully solve this... mystery. It's a very strange one at that. Oh, also one more thing, I'm not sure if you mentioned it or not, but was the password changed on your main account? A hacker would likely change the password for good, until Blizzard takes care of it. If the password wasn't changed, something weird is going on.
I've never seen or heard of a mod that you download to the addon folder having the capabilities to keylog. It is only using the blizzard scripting language which doesn't have that kind of power to record and transmit keystrokes, not to mention the fact they don't load until after you are logged in. Do some people download and execute files they believe are WoW mods that are not, sure. Launching WoW will not make it execute 3rd party programs.
Anyhow, to the original poster. The strength of your password doesn't really matter unless the blizzard servers are under a brute force attack, which I really don't think is the case. I highly doubt someone hacked the blizzard servers to get you and your friends account info out of 9 million subscribers (1 in 9m^2 chance?). In fact, it sounds all to fishy that your friend "mysteriously" got hacked also. While nothing is impossible in cases like this the overwhelming odds are that someone has a keylogger or your friend "hacked" you if I read correctly that he plays on your third account?
Long story short is there is a rash of account hackings. Why? It is easier, less risky and more lucrative right now to hack WoW accounts and sell the gold than it is to break real laws of credit card fraud. (which is also why no one is bothering much with hacking other games accounts). That is why it is so rampant right now.
On another note, go check your post history on the wow forums and see if any of your characters are spamming links to keyloggers. That is a dead giveaway that you have a keylogger somewhere.
I am sorry, but that is the most stupid statement i have ever heard in my life. Blizzard is responsible if your machine gets keylogged? Blizzard is responsible if you give your username and password to a power leveller?? Blizzard is responsible if you just give your account away and then decide that you want it back??? WE are responsible for our own security. If someone hacked Blizzards servers and stole all of our usernames and passwords you may have a case, but other than that all of your legal squawking is just mad!
Exactly right! If you got hacked, it was on you, not Blizzard. Period.
First, no thats a different friend that got hacked not the one I play with his account.
We were just random chatting and he told me he's pissed off cause he lost like 1000g the night before cause of him gettin hacked.
My point is not that our mishaps are connected (even if somehow they could be) but that the hackings occur rather frequently.
Secondly, yes I know what you talk about viruses posting keylogers on forums but no. didn't happen.
Anyhow,
I can understand that somehow, sometime information get compromised.
Maybe someone managed to alter the WoW account management site or exploited some game mechanic through an addon to get account info (which I think is impossible atm). Maybe someone is psychic and has an affinity of pickin up usernames and passes.
The real problem is not how the game is unsafe or has flawed security or whatever even if the frequency of this events is kind of...weird.
The problem lies in what is Blizzard doing to ensure people are safe and will be able to continue playing no matter what.
BTW something totally offtopic now but just to see how a GM can be...lame...
I was talkin about this to a close friend here who is also around MMORPGs with his son and he quit WoW after a ridiculous issue.
It's quite a story so I'd share it with you
This guy pays for 2 accounts (his and his 10 year old son) so they play a bit together on weekends and nights instead of watchin TV. They seem to have a lot of fun and it really brings them close to level up together. Anyhow.
The kid named his character something like ibox and lots of people were making fun of him callin him idiot/retard etc.
Turns out ibox is slang for idiot-box used to call people stupid. Yes, the ppl were just jokin however in the eyes of a 10yr old kid is not that pleasant.
So my friend goes to his son's pc and opens a ticket explaining this situation and asking for assistance. The ridiculous part is the GM response was " Please sir, do not share the account with your son its against policy".
I mean, seriously - It's ridiculously funny yet somehow stupid.
Needless to say, the kid did not wanna play anymore and after a big and comprehensive email (he had to even link sites and dictionaries to support that ibox = slang) they contacted him back after 2 weeks that he may change his character name HOWEVER account sharing would not be tolerated and its against policy punishable by suspending his son's account for 7 days (lol?).
Needless to say he just froze his account and got a new MMO with his son for their gaming times.
Sorry to hear man, that makes me angry that blizz has such a care free attitude towards things such as this. Quality assistance can make a good game great and vice versa...friend of mine used to be a WoW GM and sadly they have a quantity over quality philosophy.
If the GM was rude, then there is a problem to be addressed, but can we all get off this "blizzard GM's don't take it seriously enough" gig. Try this;
Scenario 1 - Hacker steals your account details, logs into your account, strips all of your gear and sells it, goes to the auctions and buys a load of overpriced items from some 'Level 1' people he knows to 'launder' the gold.
Scenariao 2 - You are short of money, you get your friend to log into your account, he strips all of your gear and sells it, goes to the auctions and buys a load of overpriced items from some 'Level 1' people he knows to 'launder' the gold.
Are we getting it yet?
It is not ideal and it does sting the genuine people that have lost their accounts and items, but what do you expect Blizzard to do. Can you imagine for one second the floodgates that would open if they just started giving back everything a person claims to have lost, just becase they say that they have. On the other hand, can you understand the time it would take to investigate a theft like that to the extreme, especially when you are going to run into dead ends a lot of the time.
I am not saying that Blizzard do all that they can, but after working in systems and support environments for over 21 years myself i can understand the constraints they are under. I really am genuinely sorry if this is what happened to you, but as i have said before, my main focus would have to be on how i got hacked in the first place rather than venting all my anger at Blizzard.
It must be Thursday, i never could get the hang of Thursdays.
I never got hacked and I dont use a software firewall as it slows the system.. I always download my AddOns from Curse.com and although they arent bullet-proof, it helps if you only download the highest rated and most known AddOns.
What is a keylogger.. a keylogger runs in the "background" and it must be executed at least once by the user to start running always at the windows startup. This is why YOU NEVER DOWNLOAD .EXE ADDONS! Only .zip ones. Unless the AddOn script starts a .exe inside the AddOns folder it will be risk free.
You can start by after downloading a .zip AddOn, check for any .exe files inside the AddOn's subfolders. If it has a .exe file, then it is suspicious and should be avoided.
Comments
Thanks, sometimes I can get carried away with words and such (I won't make this long, I promise). So yeah, you're on EU, well I can't say anything about how Blizzard runs their service there, I was only on US. And I see you are well knowledgeable in your security area, and how things work, that's good. I'm just really stumped on this mystery with your account, and how it magically became hacked. If the password on your main account is really hard to guess at (For example: A-z 0-9), then I cannot see how someone would just pick out your account name and have at it. The only way I could see that happening is someone that already knows your account name. You are sure you didn't reveal it to anyone? Not trying to talk down to you or anything, just trying to figure everything out. I don't think a hacker would just break in, and pick your name out, it doesn't seem likely. There are tons of accounts for WoW with the letter "M," I highly doubt a hacker came in and said; "HEY! I'll pick this one here." I'd say, anyone smart would start from the top and go to the bottom.
Again, keep in mind there are tons of "M" names. I'm sure on an estimate of 5,000-10,000 or more. To break it down, your account name was obtained, as well as your password somehow. It is probably a 1/9000000 chance your name was just "picked" out of a list. I know you said your friends are in other countries, but how well do you know them? The person that hacked into your account, has to know your account username/password, or just the username and went on to figure out the password. Now, I don't think I ever heard of a WoW account being hacked out of nowhere. The reason that was usually given is: "Account name/Password was given to a friend or family member, and he/she deleted or took items, etc.", "Account name/Password was given to a non-trustable powerleveling service (blizzard usually bans these accounts now)", "User was trying to sell his/her account, and someone stole the account from scamming", "I was drunk, and deleted everything, not remembering it happened." Don't take that last one seriously, but sadly, I've heard of WoW players doing such a thing. Not saying you did that however.
Oh, yeah, I said it wasn't going to be long this time. I am really stumped on your situation. I do hope Blizzard fixes you, and you hopefully solve this... mystery. It's a very strange one at that. Oh, also one more thing, I'm not sure if you mentioned it or not, but was the password changed on your main account? A hacker would likely change the password for good, until Blizzard takes care of it. If the password wasn't changed, something weird is going on.
Good luck!
Edit: Minor typos.
I've never seen or heard of a mod that you download to the addon folder having the capabilities to keylog. It is only using the blizzard scripting language which doesn't have that kind of power to record and transmit keystrokes, not to mention the fact they don't load until after you are logged in. Do some people download and execute files they believe are WoW mods that are not, sure. Launching WoW will not make it execute 3rd party programs.
Anyhow, to the original poster. The strength of your password doesn't really matter unless the blizzard servers are under a brute force attack, which I really don't think is the case. I highly doubt someone hacked the blizzard servers to get you and your friends account info out of 9 million subscribers (1 in 9m^2 chance?). In fact, it sounds all to fishy that your friend "mysteriously" got hacked also. While nothing is impossible in cases like this the overwhelming odds are that someone has a keylogger or your friend "hacked" you if I read correctly that he plays on your third account?
Long story short is there is a rash of account hackings. Why? It is easier, less risky and more lucrative right now to hack WoW accounts and sell the gold than it is to break real laws of credit card fraud. (which is also why no one is bothering much with hacking other games accounts). That is why it is so rampant right now.
On another note, go check your post history on the wow forums and see if any of your characters are spamming links to keyloggers. That is a dead giveaway that you have a keylogger somewhere.
Exactly right! If you got hacked, it was on you, not Blizzard. Period.
Let me see.
First, no thats a different friend that got hacked not the one I play with his account.
We were just random chatting and he told me he's pissed off cause he lost like 1000g the night before cause of him gettin hacked.
My point is not that our mishaps are connected (even if somehow they could be) but that the hackings occur rather frequently.
Secondly, yes I know what you talk about viruses posting keylogers on forums but no. didn't happen.
Anyhow,
I can understand that somehow, sometime information get compromised.
Maybe someone managed to alter the WoW account management site or exploited some game mechanic through an addon to get account info (which I think is impossible atm). Maybe someone is psychic and has an affinity of pickin up usernames and passes.
The real problem is not how the game is unsafe or has flawed security or whatever even if the frequency of this events is kind of...weird.
The problem lies in what is Blizzard doing to ensure people are safe and will be able to continue playing no matter what.
BTW something totally offtopic now but just to see how a GM can be...lame...
I was talkin about this to a close friend here who is also around MMORPGs with his son and he quit WoW after a ridiculous issue.
It's quite a story so I'd share it with you
This guy pays for 2 accounts (his and his 10 year old son) so they play a bit together on weekends and nights instead of watchin TV. They seem to have a lot of fun and it really brings them close to level up together. Anyhow.
The kid named his character something like ibox and lots of people were making fun of him callin him idiot/retard etc.
Turns out ibox is slang for idiot-box used to call people stupid. Yes, the ppl were just jokin however in the eyes of a 10yr old kid is not that pleasant.
So my friend goes to his son's pc and opens a ticket explaining this situation and asking for assistance. The ridiculous part is the GM response was " Please sir, do not share the account with your son its against policy".
I mean, seriously - It's ridiculously funny yet somehow stupid.
Needless to say, the kid did not wanna play anymore and after a big and comprehensive email (he had to even link sites and dictionaries to support that ibox = slang) they contacted him back after 2 weeks that he may change his character name HOWEVER account sharing would not be tolerated and its against policy punishable by suspending his son's account for 7 days (lol?).
Needless to say he just froze his account and got a new MMO with his son for their gaming times.
GO FIGURE?! - Good story tho :P
Sorry to hear man, that makes me angry that blizz has such a care free attitude towards things such as this. Quality assistance can make a good game great and vice versa...friend of mine used to be a WoW GM and sadly they have a quantity over quality philosophy.
If the GM was rude, then there is a problem to be addressed, but can we all get off this "blizzard GM's don't take it seriously enough" gig. Try this;
Scenario 1 - Hacker steals your account details, logs into your account, strips all of your gear and sells it, goes to the auctions and buys a load of overpriced items from some 'Level 1' people he knows to 'launder' the gold.
Scenariao 2 - You are short of money, you get your friend to log into your account, he strips all of your gear and sells it, goes to the auctions and buys a load of overpriced items from some 'Level 1' people he knows to 'launder' the gold.
Are we getting it yet?
It is not ideal and it does sting the genuine people that have lost their accounts and items, but what do you expect Blizzard to do. Can you imagine for one second the floodgates that would open if they just started giving back everything a person claims to have lost, just becase they say that they have. On the other hand, can you understand the time it would take to investigate a theft like that to the extreme, especially when you are going to run into dead ends a lot of the time.
I am not saying that Blizzard do all that they can, but after working in systems and support environments for over 21 years myself i can understand the constraints they are under. I really am genuinely sorry if this is what happened to you, but as i have said before, my main focus would have to be on how i got hacked in the first place rather than venting all my anger at Blizzard.
It must be Thursday, i never could get the hang of Thursdays.
I never got hacked and I dont use a software firewall as it slows the system.. I always download my AddOns from Curse.com and although they arent bullet-proof, it helps if you only download the highest rated and most known AddOns.
What is a keylogger.. a keylogger runs in the "background" and it must be executed at least once by the user to start running always at the windows startup. This is why YOU NEVER DOWNLOAD .EXE ADDONS! Only .zip ones. Unless the AddOn script starts a .exe inside the AddOns folder it will be risk free.
You can start by after downloading a .zip AddOn, check for any .exe files inside the AddOn's subfolders. If it has a .exe file, then it is suspicious and should be avoided.