Account Hacked No Support Im Done

Comments

  • Shinzou Member Posts: 34

    Originally posted by Li-Su

    Originally posted by Ceridith


    Originally posted by Shinzou

    The people who think this is blizzard's fault have no clue as to how people are actually getting their accounts stolen, and don't want to know. My previous post says it all. If that doesn't clear it up then there is no helping them and they should just be left to rant for the sake of ranting.

    It is both parts the users and Blizzard's fault.

    The users are likely not taking all of the precautions they should be, and Blizzard is not following the best practices for IT security design and management.

    Purely blaming one or the other is ignoring the real issues.

    Not trying to be picky, but how?  Every design that allows external access has its weakness.

    Insider information helps a lot in tracking down the weakness, but constant probing will sometimes hit a blind spot by luck.

    As a well known dictum for systems design, there is no fool proof system, nor bug free system.  At that point in design that is the best a few heads can figure out.  Upon deadline, the system will have to be implemented.  There are just so many man-hours you can spend in the design stage, or we will never see our games, or whatever software, or whatever product at all.

    This is exactly true in terms of IT with large companies. Right now stealing some players' accounts is more profitable than stealing a bank account. With the current systems it is just as easy to get the login info for wow as it is to get the login info for bank websites. Blizzard literally cannot do more than they already are. User machines are not employee machines that they can cut off from the rest of the web behind a huge ass firewall.

  • uohaloran Member Posts: 811


    Originally posted by Anubisan
    But sure people... don't listen to those of us who actually know what we are talking about...

    Yeah, you should definitely listen to talking heads that can't fit into their ego on a forum.
  • Excalaber2 Member UncommonPosts: 360

    Originally posted by Ceridith

    Originally posted by Li-Su


    Originally posted by Ceridith


    Originally posted by Shinzou

    The people who think this is blizzard's fault have no clue as to how people are actually getting their accounts stolen, and don't want to know. My previous post says it all. If that doesn't clear it up then there is no helping them and they should just be left to rant for the sake of ranting.

    It is both parts the users and Blizzard's fault.

    The users are likely not taking all of the precautions they should be, and Blizzard is not following the best practices for IT security design and management.

    Purely blaming one or the other is ignoring the real issues.

    Not trying to be picky, but how?  Every design that allows external access has its weakness.

    Insider information helps a lot in tracking down the weakness, but constant probing will sometimes hit a blind spot by luck.

    As a well known dictum for systems design, there is no fool proof system, nor bug free system.  At that point in design that is the best a few heads can figure out.  Upon deadline, the system will have to be implemented.  There are just so many man-hours you can spend in the design stage, or we will never see our games, or whatever software, or whatever product at all.

    Using user email as the username is not best practice. Best practice in IT security is that the username is kept as private as the password is. By using an email address as a username, you are exposing half of the login information. You can say "so what?" Well, just look at the spike of hackings since the B.net conversion and you have your "what".

    Best practices for IT security also emphasize the fact that users are very likely going to do something stupid, or not do everything they need to. That's why you have to design a system with this in mind, and make it as simple as possible for the user to behave in a secure manner. Which again, forcing the B.net username to be the email definitely goes against this methodology.

    I completely agree.

    Disclaimer: This is not a troll post and is not here to promote any negative energy. Although this may be a criticism, it is not meant to offend anyone. If a moderator feels the post is inappropriate, please remove it immediately before it is subject to consideration for a warning. Thank you.

  • Shinzou Member Posts: 34

    Originally posted by Ceridith

    Originally posted by Li-Su


    Originally posted by Ceridith


    Originally posted by Shinzou

    The people who think this is blizzard's fault have no clue as to how people are actually getting their accounts stolen, and don't want to know. My previous post says it all. If that doesn't clear it up then there is no helping them and they should just be left to rant for the sake of ranting.

    It is both parts the users and Blizzard's fault.

    The users are likely not taking all of the precautions they should be, and Blizzard is not following the best practices for IT security design and management.

    Purely blaming one or the other is ignoring the real issues.

    Not trying to be picky, but how?  Every design that allows external access has its weakness.

    Insider information helps a lot in tracking down the weakness, but constant probing will sometimes hit a blind spot by luck.

    As a well known dictum for systems design, there is no fool proof system, nor bug free system.  At that point in design that is the best a few heads can figure out.  Upon deadline, the system will have to be implemented.  There are just so many man-hours you can spend in the design stage, or we will never see our games, or whatever software, or whatever product at all.

    Using user email as the username is not best practice. Best practice in IT security is that the username is kept as private as the password is. By using an email address as a username, you are exposing half of the login information. You can say "so what?" Well, just look at the spike of hackings since the B.net conversion and you have your "what".

    Best practices for IT security also emphasize the fact that users are very likely going to do something stupid, or not do everything they need to. That's why you have to design a system with this in mind, and make it as simple as possible for the user to behave in a secure manner. Which again, forcing the B.net username to be the email definitely goes against this methodology.

    Hate to burst your bubble, but there were the same amount of spikes and the stealing of accounts was just as rampant before they made that change. Keyloggers will steal the info no matter what info it is. Even if they don't already have the username, it is just as easy. Here is how it works.

    After the email as username change: The keylogger detects the username and password being entered, logs the info, and sends it to the hacker.

    Before the email as username change: The keylogger detects the username and password being entered, logs the info, and sends it to the hacker.

    Nothing changed or got easier after they made that change. Everything just stayed the same.


  • Originally posted by Excalaber2

    Originally posted by Ceridith


    Originally posted by Li-Su


    Originally posted by Ceridith


    Originally posted by Shinzou

    The people who think this is blizzard's fault have no clue as to how people are actually getting their accounts stolen, and don't want to know. My previous post says it all. If that doesn't clear it up then there is no helping them and they should just be left to rant for the sake of ranting.

    It is both parts the users and Blizzard's fault.

    The users are likely not taking all of the precautions they should be, and Blizzard is not following the best practices for IT security design and management.

    Purely blaming one or the other is ignoring the real issues.

    Not trying to be picky, but how?  Every design that allows external access has its weakness.

    Insider information helps a lot in tracking down the weakness, but constant probing will sometimes hit a blind spot by luck.

    As a well known dictum for systems design, there is no fool proof system, nor bug free system.  At that point in design that is the best a few heads can figure out.  Upon deadline, the system will have to be implemented.  There are just so many man-hours you can spend in the design stage, or we will never see our games, or whatever software, or whatever product at all.

    Using user email as the username is not best practice. Best practice in IT security is that the username is kept as private as the password is. By using an email address as a username, you are exposing half of the login information. You can say "so what?" Well, just look at the spike of hackings since the B.net conversion and you have your "what".

    Best practices for IT security also emphasize the fact that users are very likely going to do something stupid, or not do everything they need to. That's why you have to design a system with this in mind, and make it as simple as possible for the user to behave in a secure manner. Which again, forcing the B.net username to be the email definitely goes against this methodology.

    I completely agree.

    Cannot say you are wrong, but what comes to mind is, if there is a keylogger, the theft is a one off, login name and password all at once.  Unless the user changes his password so fast that the thief never gets to use it (that essentially is what an authenticator does), I do not see how the format of a static user name makes a difference.

    Anything static is fully vulnerable to a keylogger, email address or username, makes no difference.  There is no privacy when it comes to keylogging: you type it in, it's stolen.
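
The point made in the post above, that anything static is replayable once captured while an authenticator code is not, shown as an added example (not part of any post, and not Blizzard's implementation). It assumes standard RFC 6238 TOTP as a stand-in for the authenticator; the `LoginVerifier` class, the password and the timestamps are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional

STEP = 30    # seconds per TOTP time step (RFC 6238 default)
DIGITS = 6   # length of the one-time code


def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 and RFC 4226 dynamic truncation."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class LoginVerifier:
    """Hypothetical server-side check: password, plus an optional authenticator."""

    def __init__(self, password: str, secret: Optional[bytes] = None):
        self._salt = os.urandom(16)
        self._pw_hash = self._hash(password)
        self._secret = secret
        self._last_step = -1   # newest time step whose code was already accepted

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def verify(self, password: str, code: str, now: int) -> bool:
        if not hmac.compare_digest(self._hash(password), self._pw_hash):
            return False
        if self._secret is None:
            return True        # static credentials only: nothing else to check
        current = now // STEP
        for step in (current - 1, current, current + 1):   # tolerate clock drift
            if step <= self._last_step:
                continue       # a code for this step was already used: replay
            if hmac.compare_digest(totp(self._secret, step * STEP), code):
                self._last_step = step
                return True
        return False


def replay_demo() -> dict:
    """The owner logs in once; the captured keystrokes are then replayed."""
    password = "constructed-Passw0rd"      # constructed sample value
    secret = b"12345678901234567890"       # RFC 6238 test secret
    t0 = 1_000_000_000                     # constructed login time

    static_only = LoginVerifier(password)
    with_auth = LoginVerifier(password, secret)

    code = totp(secret, t0)
    captured = (password, code)            # everything the owner typed at t0

    return {
        "owner_static": static_only.verify(password, "", t0),
        "owner_auth": with_auth.verify(password, code, t0),
        # Static-only account: the captured password still works minutes later.
        "replay_static_later": static_only.verify(captured[0], captured[1], t0 + 300),
        # Authenticator account: same window is refused (code already used),
        # and a later window is refused (code no longer valid).
        "replay_auth_same_window": with_auth.verify(*captured, t0 + 5),
        "replay_auth_later": with_auth.verify(*captured, t0 + 300),
    }


if __name__ == "__main__":
    for name, ok in replay_demo().items():
        print(f"{name:26s} {'accepted' if ok else 'rejected'}")
```

The replay inside the same 30-second window is refused only because the verifier remembers the last accepted time step; without that bookkeeping a captured code stays usable until its window closes.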

  • Ceridith Member UncommonPosts: 2,980

    Originally posted by Li-Su

    Originally posted by Ceridith


    Originally posted by Li-Su


    Originally posted by Ceridith


    Originally posted by CulannHS

    ...

    Ultimately the security of your account within the confines of your PC is your duty, not the game companies out there.  They've long since realized the things I've pointed out here, especially with regards to virus scanners, malware checkers, etc.  No program is going to find everything that can potentially compromise your account, and they realize that.  All they can hope to do is set a policy in place, and urge their customers to be safe and use safe computing habits.

    ....

    Any respectable IT professional with any shred of IT security knowledge knows that it is equally the responsibility of the user, and those who configure and maintain the system.

    Poor system security design, whether it be unintuitive, require unnecessary 'extra steps' for the user to ensure security, or just plain flawed with security gaps, it is still in part the responsibility of the administrators, even if the users are not doing all they can.

    Blizzard is guilty of this. Particularly in part due to their forced shift of requiring users to use their emails as usernames, rather than a unique and privately known username.

    You could argue that it's the user's fault for not making a 'separate email exclusively for their Battle.net account', but that's just a cop out. In this case it's unreasonable to expect users to have to shift their regular behavior, and go out of their way to stay secured. Why? Because things were fine the way they were before. The change was made at Blizzard's whim, for whatever reason, and the direct decision has created an additional gap in security, which users are expected to address. This is poor IT security management, plain and simple

    While there is no solid theory to suggest that using email accounts as log in makes a game account vulnerable, I do have my personal hesitation when bnet conversion was announced.  Tell you what. Guildwars also use email accounts as log in names.  This method of login identification is not new.

    As a gamer, if you care about your account and are reasonably alert, you should know the risks when converting to bnet.  Making a separate email account, protecting it from day to day exposure and so on are reasonable acts of safety precaution.  If you do not lock your car properly and park it in dangerous zones, you are raising the odds that you will come back to find your car missing.

    WoW fan sites are being hacked, their member information (including email addresses and passwords) are stolen. If the passwords are hashed or encrypted, the hackers try to crack it. The hackers then take this information and try to login to the WoW account, failing that they try to breach the user's email using the same information to get another shot at compromising the WoW account. This method does work against those unfortunate enough to use the same email and/or password as their WoW account as they do with WoW related sites, and was less viable prior to the B.net conversion... hence the spike in hackings since the B.net conversion.

    I've been following this happening. WoW related fan or guild sites get breached, and then a wave of users have their accounts breached shortly thereafter. Sure it's easy to blame the users for using the same email, and/or password, but this simply wouldn't be happening if the B.net conversion didn't force usernames to be the email.

    So people stupid enough to use the same email address and password in registering guild forums are wise enough not to use same username and passwords.  Hmm funny logic.

    I agree, using email address makes me uncomfortable, not because of your reasoning.  I am uncomfortable b/c my login name is at the whim of a third party, say gmail yahoo or whatever (obviously I am not using those, that is why I quote them here).  I can hide my username for a game by never using it outside a game, but an email account, it is slightly possible that the privacy is compromised from events outside my control.  Frankly I am pretty sure blizz spend more effort protecting the login name password to wow than yahoo spend in protecting the email address (not password) list.

    Some of them do use the same usernames and/or passwords, and they have been hacked in the past. However, it's more common knowledge (even for those who seem to lack it) that your username and password should be unique and not reused. It's actually promoted usually, and stated when creating an account. Keep in mind as well, picking a unique username is a lot more simplistic and straightforward than setting up a new email via a third party every time you want to create a new account for something that uses email as the login name.

    My biggest gripe about the change to the username is that it was wholly unnecessary. There's no reason why Blizzard couldn't have just let us pick a new username for our B.net account. It was an arbitrary decision that simply added a security gap, when the previous method was working perfectly fine.

  • mmofan2112 Member Posts: 38

    I think that those 'hacked' have lost the sympathy factor. We have all seen those incredibly obvious 'engrish' emails in our spam folders. I am sorry, but if you are dumb enough to fall for this, you deserve what you got.

    You don't feel sorry for idiots that fall for the 'I am from Nigeria and want to give you a million dollars' emails...why offer pity to idiots that can't read 'engrish'?

    These folks were not 'hacked'...they were simply punished (deservedly) for their own stupidity. It's far too easy (and free) to protect your PC.  Most 'hacks' do not come from bad downloads...but by folks going to fake (again, obvious) sites and with both eyes open...giving away their account.

  • Tetters Member Posts: 221

    Originally posted by BlackWatch

    It's Blizzard's job to be your personal IT Dept.  They are supposed to tell you how to secure your computer and probably your home network, too. 

    They are supposed to keep your system patched and updated with all of the OS updates.  They are also supposed to monitor your firewall and antivirus applications to ensure they are up to date as well.  And as for your anti-spyware software, yeah, they got that covered as well. 

    You should be completely free to install whatever you want, downloaded from wherever, and Blizz is supposed to pre-scan and verify that 100% of online content you wish to view is safe.  You want to download games, movies, software, etc... from sites for free!?!?!  Sure, go ahead... Blizz supports that, too!  They will make sure your software is free of charge, safe, and if you have issues running the cracks.. it's their fault.  Call their support line and they'll be more than happy to assist.

    Furthermore, Blizzard should hire 1 support person for every player.  That's right, a 1:1 ratio of support staff to playerbase!

    If you let your friends play your characters and share your account regularly... sure, Blizz supports that!  After all, they secure your friends' PCs, too!!!!!

    Blizz also babysits all the kids that are out of school for the summer.  (okay, they do kinda do that, sadly)

    They offer couples counseling as well as dating services! 

    They save you more money on your car insurance than that dumb little lizard's company!

    Body by Blizzard!  That's right... get ripped while raiding!!!!!!!!!!  Eat loads and loads of pizza... Blizz will make sure your sixpack dominates 'the situation'.

    They did not sleep with Tiger Woods!

     

    ...

    /sarcasm off

    You Sir, are a genius ... genuine laugh out loud moment .. thank you!


  • Originally posted by Ceridith

    ....

    Some of them do use the same usernames and/or passwords, and they have been hacked in the past. However, it's more common knowledge (even for those who seem to lack it) that your username and password should be unique and not reused. It's actually promoted usually, and stated when creating an account. Keep in mind as well, picking a unique username is a lot more simplistic and straightforward than setting up a new email via a third party every time you want to create a new account for something that uses email as the login name.

    My biggest gripe about the change to the username is that it was wholly unnecessary. There's no reason why Blizzard couldn't have just let us pick a new username for our B.net account. It was an arbitrary decision that simply added a security gap, when the previous method was working perfectly fine.

    Agree, I feel very uncomfortable when I am told blizz wants people to use email accounts for bnet, and making bnet mandatory for wow.  Still wonder why they make that move.

    You are right, people should create a hard to guess username; by the same token, they should use a lesser known email server and create a unique email account that is not going to be used anywhere else.  My email account is so "protected", it does not exist practically, after the bnet registration, until it is needed again for any other purpose.

  • Ceridith Member UncommonPosts: 2,980

    Originally posted by Shinzou

    Originally posted by Ceridith


    Originally posted by Li-Su


    Originally posted by Ceridith


    Originally posted by Shinzou

    The people who think this is blizzard's fault have no clue as to how people are actually getting their accounts stolen, and don't want to know. My previous post says it all. If that doesn't clear it up then there is no helping them and they should just be left to rant for the sake of ranting.

    It is both parts the users and Blizzard's fault.

    The users are likely not taking all of the precautions they should be, and Blizzard is not following the best practices for IT security design and management.

    Purely blaming one or the other is ignoring the real issues.

    Not trying to be picky, but how?  Every design that allows external access has its weakness.

    Insider information helps a lot in tracking down the weakness, but constant probing will sometimes hit a blind spot by luck.

    As a well known dictum for systems design, there is no fool proof system, nor bug free system.  At that point in design that is the best a few heads can figure out.  Upon deadline, the system will have to be implemented.  There are just so many man-hours you can spend in the design stage, or we will never see our games, or whatever software, or whatever product at all.

    Using user email as the username is not best practice. Best practice in IT security is that the username is kept as private as the password is. By using an email address as a username, you are exposing half of the login information. You can say "so what?" Well, just look at the spike of hackings since the B.net conversion and you have your "what".

    Best practices for IT security also emphasize the fact that users are very likely going to do something stupid, or not do everything they need to. That's why you have to design a system with this in mind, and make it as simple as possible for the user to behave in a secure manner. Which again, forcing the B.net username to be the email definitely goes against this methodology.

    Hate to burst your bubble, but there were the same amount of spikes and the stealing of accounts was just as rampant before they made that change. Keyloggers will steal the info no matter what info it is. Even if they don't already have the username, it is just as easy. Here is how it works.

    After the email as username change: The keylogger detects the username and password being entered, logs the info, and sends it to the hacker.

    Before the email as username change: The keylogger detects the username and password being entered, logs the info, and sends it to the hacker.

    Nothing changed or got easier after they made that change. Everything just stayed the same.

    I'm well aware of how a keylogger works, and never stated that the B.net conversion changed this. The amount of hackings did increase due to the exposure of the email address as username.

    There are three major avenues for compromised accounts:

    1. Phishing/social engineering

    2. Keylogging

    3. Obtaining login information from third party information

    The change in username to email simply increased the probability of the 3rd main point occurring, by using a publicly exposed value as one half of what should be private login information.
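
The third avenue in the list above, login details taken from a third-party site and tried against the game account, leaves a recognisable pattern in authentication logs: one source tries many different email logins and mostly fails. The following is an added example of detecting it, not part of any post and not any vendor's tooling; the log format, thresholds, addresses and `find_stuffing` name are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed log format: timestamp, source IP, login name (an email), result.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

# Constructed sample data (documentation IP ranges, example.* domains).
SAMPLE_LOG = """\
2010-07-01T03:10:01Z ip=203.0.113.7 user=alice@example.com result=FAIL
2010-07-01T03:10:02Z ip=203.0.113.7 user=bob@example.com result=FAIL
2010-07-01T03:10:03Z ip=203.0.113.7 user=carol@example.org result=FAIL
2010-07-01T03:10:04Z ip=203.0.113.7 user=dana@example.net result=OK
2010-07-01T03:10:05Z ip=203.0.113.7 user=erin@example.org result=FAIL
2010-07-01T03:10:06Z ip=203.0.113.7 user=frank@example.com result=FAIL
2010-07-01T09:00:10Z ip=198.51.100.20 user=gina@example.com result=FAIL
2010-07-01T09:00:25Z ip=198.51.100.20 user=gina@example.com result=FAIL
2010-07-01T09:00:41Z ip=198.51.100.20 user=gina@example.com result=OK
2010-07-01T18:30:00Z ip=192.0.2.44 user=bob@example.com result=OK
"""


def find_stuffing(log_text, min_users=4, min_fail_ratio=0.75):
    """Flag sources that try many distinct logins and mostly fail.

    Returns {ip: {"distinct_users", "fail_ratio", "reset"}} where "reset"
    lists accounts that logged in successfully from a flagged source and
    should be treated as compromised (force a password reset).
    """
    stats = defaultdict(
        lambda: {"users": set(), "ok_users": set(), "fail": 0, "total": 0}
    )
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # ignore lines in other formats
        s = stats[m["ip"]]
        s["users"].add(m["user"])
        s["total"] += 1
        if m["result"] == "FAIL":
            s["fail"] += 1
        else:
            s["ok_users"].add(m["user"])

    findings = {}
    for ip, s in stats.items():
        fail_ratio = s["fail"] / s["total"]
        # One user mistyping a password fails often but on a single login
        # name; stuffing fails often across many login names.
        if len(s["users"]) >= min_users and fail_ratio >= min_fail_ratio:
            findings[ip] = {
                "distinct_users": len(s["users"]),
                "fail_ratio": round(fail_ratio, 2),
                "reset": sorted(s["ok_users"]),
            }
    return findings


if __name__ == "__main__":
    for ip, info in find_stuffing(SAMPLE_LOG).items():
        print(ip, info)
```

The single success inside the flagged burst is the important output: that account's owner reused a login and password that leaked elsewhere.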


  • Originally posted by Ceridith

    ....

    I'm well aware of how a keylogger works, and never stated that the B.net conversion changed this. The amount of hackings did increase due to the exposure of the email address as username.

    There are three major avenues for compromised accounts:

    1. Phishing/social engineering

    2. Keylogging

    3. Obtaining login information from third party information

    The change in username to email simply increased the probability of the 3rd main point occurring, by using a publicly exposed value as one half of what should be private login information.

    So do not use a popular email site, if you use yahoo, and log in from china, oh well.

    It's your game ID, for Christ's sake; if losing the account is so important, the user should think about what email server to use.

  • Daffid011 Member UncommonPosts: 7,945

    Keep in mind that hackers can directly attack your email account now.  There are ways to do that without ever having to interact with the end user's computer or spamming the email account.   It can be done without the need for anything from the end user.

    Shinzou is right though.  Hacking was a major problem before battle.net conversion. 

    That is why blizzard introduced the authenticator in June 2008.  The battlenet conversion didn't take place until Dec 2009.

    End users selecting insecure email accounts for their login names only made the problem worse.  It was a stupid choice by blizzard, but the ultimate responsibility of securing account details falls on the user.  Blizzard cannot stop players from effectively posting their login name all over the internet.

  • Ceridith Member UncommonPosts: 2,980

    Originally posted by Li-Su

    Originally posted by Ceridith


    ....

    I'm well aware of how a keylogger works, and never stated that the B.net conversion changed this. The amount of hackings did increase due to the exposure of the email address as username.

    There are three major avenues for compromised accounts:

    1. Phishing/social engineering

    2. Keylogging

    3. Obtaining login information from third party information

    The change in username to email simply increased the probability of the 3rd main point occurring, by using a publicly exposed value as one half of what should be private login information.

    So do not use a popular email site, if you use yahoo, and log in from china, oh well.

    It's your game ID, for Christ's sake; if losing the account is so important, the user should think about what email server to use.

    The concern is not in that of the email site being used, so much as it is the data trail between an email account that is commonly used for more than just the B.net account. Your email could be "r4nD0m3M41L@1nS3r7DoM4In", and the moment you use the same email to register on a WoW related fan or guild site, you're exposing your account because that same email is your username for B.net.

    Again, yes, technically a user can make a separate email just for B.net, but my point is it's an unnecessary extra step that users should not even have to consider, because of Blizzard's flawed account management design change. That is why it is in part Blizzard's fault, because they have not designed their account management with ease of use, and security, in mind.

  • gauge2k3 Member Posts: 442

    No one hacked blizzard servers, otherwise your bank account would be empty too.  You downloaded a keylogger on accident and lost your account to it.  Just like every other person who doesn't deserve to be on the internet without taking some sort of class.


  • Originally posted by Ceridith

    Originally posted by Li-Su


    Originally posted by Ceridith


    ....

    I'm well aware of how a keylogger works, and never stated that the B.net conversion changed this. The amount of hackings did increase due to the exposure of the email address as username.

    There are three major avenues for compromised accounts:

    1. Phishing/social engineering

    2. Keylogging

    3. Obtaining login information from third party information

    The change in username to email simply increased the probability of the 3rd main point occurring, by using a publicly exposed value as one half of what should be private login information.

    So do not use a popular email site, if you use yahoo, and log in from china, oh well.

    It's your game ID, for Christ's sake; if losing the account is so important, the user should think about what email server to use.

    The concern is not in that of the email site being used, so much as it is the data trail between an email account that is commonly used for more than just the B.net account. Your email could be "r4nD0m3M41L@1nS3r7DoM4In", and the moment you use the same email to register on a WoW related fan or guild site, you're exposing your account because that same email is your username for B.net.

    Again, yes, technically a user can make a separate email just for B.net, but my point is it's an unnecessary extra step that users should not even have to consider, because of Blizzard's flawed account management design change. That is why it is in part Blizzard's fault, because they have not designed their account management with ease of use, and security, in mind.

    Agree with you and Daff above.

    Using the email address makes me very uncomfortable for a long time, and I have to create a phony email to register, an email that does not exist outside that registration move.  It is extra steps, but for me worthy.  Why blizz make that decision I never understand.  I presume the wise guys in blizz have their own reasons they do not want to share with us.  Like a trade secret, who knows.

  • Ceridith Member UncommonPosts: 2,980

    Originally posted by gauge2k3

    No one hacked blizzard servers, otherwise your bank account would be empty too.  You downloaded a keylogger on accident and lost your account to it.  Just like every other person who doesn't deserve to be on the internet without taking some sort of class.

    There are several more ways than a keylogger that can result in an account breach. The fact that you don't acknowledge this is proof that you technically fall into the same group of people that 'don't deserve to be on the Internet without taking some sort of class'.

    The bank account statement is also rather humorous... the reason why these people target WoW accounts and not bank accounts, which they could likely just as 'easily' do, is because it's not a federal/international crime to breach a WoW account, like it is a bank account.

    Besides, blaming the victim is all well and good, until you become one yourself. It will happen eventually, if not for your WoW account, then for one of your online accounts. With the rate at which cyber crime is going, it will eventually happen to everyone. Just remember your words when it does happen to you.

  • Anubisan Member UncommonPosts: 1,798

    Originally posted by Ceridith

    Originally posted by gauge2k3

    No one hacked blizzard servers, otherwise your bank account would be empty too.  You downloaded a keylogger on accident and lost your account to it.  Just like every other person who doesn't deserve to be on the internet without taking some sort of class.

    There are several more ways than a keylogger that can result in an account breach. The fact that you don't acknowledge this is proof that you technically fall into the same group of people that 'don't deserve to be on the Internet without taking some sort of class'.

    The bank account statement is also rather humorous... the reason why these people target WoW accounts and not bank accounts, which they could likely just as 'easily' do, is because it's not a federal/international crime to breach a WoW account, like it is a bank account.

    Besides, blaming the victim is all well and good, until you become one yourself. It will happen eventually, if not for your WoW account, then for one of your online accounts. With the rate at which cyber crime is going, it will eventually happen to everyone. Just remember your words when it does happen to you.

    Contrary to popular belief, there are some of us whose game accounts have NEVER been hacked. This is because we follow certain self-enforced rules and approach everything cautiously. We know not to download add-ons that are not very well known and widely used or to give out our account information in response to legitimate-looking scam emails.

    While it is POSSIBLE that someone may be able to hack into your computer without relying on the above means, it is extremely unlikely and I would wager that 99.9% of all 'hacked' accounts are the fault of the user. Most of the people with the skills to do something like that without the use of a keylogger or scam don't really give a crap about people's WOW accounts...

  • just1opinion2 Member Posts: 44

    Originally posted by Anubisan

    Originally posted by Ceridith


    Originally posted by gauge2k3

    No one hacked blizzard servers, otherwise your bank account would be empty too.  You downloaded a keylogger on accident and lost your account to it.  Just like every other person who doesn't deserve to be on the internet without taking some sort of class.

    There are several more ways than a keylogger that can result in an account breach. The fact that you don't acknowledge this is proof that you technically fall into the same group of people that 'don't deserve to be on the Internet without taking some sort of class'.

    The bank account statement is also rather humorous... the reason why these people target WoW accounts and not bank accounts, which they could likely just as 'easily' do, is because it's not a federal/international crime to breach a WoW account, like it is a bank account.

    Besides, blaming the victim is all well and good, until you become one yourself. It will happen eventually, if not for your WoW account, then for one of your online accounts. With the rate at which cyber crime is going, it will eventually happen to everyone. Just remember your words when it does happen to you.

    This is complete and utter speculation. It's as ludicrous as saying that any given negative thing will eventually happen to everyone. That's just simply errant logic on your part. That sort of fatalistic view on anything likely short circuits any real desire to TRY to protect yourself. It's as silly as saying, "Well...all houses will get broken into eventually, so I may as well not bother with trying to protect mine." Senseless fatalism which often turns into self-fulfilling prophecy.

    Contrary to popular belief, there are some of us whose game accounts have NEVER been hacked. This is because we follow certain self-enforced rules and approach everything cautiously. We know not to download add-ons that are not very well known and widely used or to give out our account information in response to legitimate-looking scam emails.

    While it is POSSIBLE that someone may be able to hack into your computer without relying on the above means, it is extremely unlikely and I would wager that 99.9% of all 'hacked' accounts are the fault of the user. Most of the people with the skills to do something like that without the use of a keylogger or scam don't really give a crap about people's WOW accounts...

     

    This ^^^^.

    And as someone else so eloquently stated,  and I paraphrase:  "It's not Blizzard's job to create a patch for stupidity."

    I am NOT a fan of WoW any more (although I did play it for 5 years), or of Blizzard, for that matter, but I am very big on being accountable for your own mistakes, actions, inactions, and oversights, which seems to be an unpopular stance these days.  If anything goes wrong....by all means....find someone ELSE to blame.

    Much of what is wrong in the world today is due to this whining attitude of "It's not MY fault!"  Whaaaa!  That might fly if you're a four year old. It does not, however, work when you are an adult in most situations.

  • Lizard_SFLizard_SF Member Posts: 348

    Originally posted by medmarijuana

    Originally posted by Lizard_SF


    Originally posted by Moroth

    I got hacked a few months back.  I got an email from Blizzard about some suspicious activity and found out that someone from an Alabama (think it was Alabama) IP Address logged into my account.  They suggested I change my password which I did.  Funny thing was the next day the hacker logged back in by requesting a password change again and now I'm locked out of my own account.  I finally said screw it, wrote a letter about this to Blizzard to get it fixed because I couldn't get through on the phone and it took them 3 days to reply to my email.  I've never been hacked in any other game nor was I hacked before they merged with Battlenet.  If all a Hacker needs to do to get into my account is request a password change then that's nuts.

     

    Ended up cancelling since I didn't play much anyways.  I would never give them my new payment information, who knows what else Hacker can do with their software.

    I've received plenty of these "messages" from "Blizzard". Well, NOT from Blizzard, actually.  All of them FROM FRACKING HACKERS TRYING TO SEE IF I'M STUPID ENOUGH TO GO TO THEIR FRACKING FAKE WEBSITE AND TYPE IN MY PASSWORD LIKE A GODDAM FRACKING MORON. Now, I'm sure it's POSSIBLE the email you got was legitimate, though I've never heard of any such mails being sent legitimately, but the fact you were locked out of your account THE VERY NEXT DAY makes me just a TINY BIT SUSPICIOUS.

    Nah, it's all a big Blizzard conspiracy. It's NEVER the user's fault.

    (I once got a tell in-game from someone using a name like "BlizzrdAccountRep" which warned me my account was "suspicious" and I had to go to some site like "www.blizzard.logincheck.com" and enter my name and password to "verify" it. The scary/hilarious thing is that they wouldn't do this if there weren't people stupid enough to fall for it. A *lot* of people stupid enough to fall for it. This isn't ANYTHING Blizzard can correct. You can't cure stupidity.)

     I can tell just by the way you typed out that message that you are not the sharpest tool in the shed. Now, there are multiple ways somebody can hack your account without you being phished through email. Look how easy it was for those hackers to hack the pentagon database.  You don't think the same people could easily hack into your email or gain access to your wow account?  Hell, you put those wow head data collectors in your add ons, that is one way it is possible, and most people on wow use that wow head thing. Also Gearscore collects data, they too could be taking your info.

     

    Sure, blame the victim when it is clearly blizzard problem. This happens more times with companies like NCsoft and blizzard than with other companies, and they allow the gold sellers to have free run of the game.

    Which hackers? How did they do it? Are those techniques applicable? And, as a trivial side note, a mere addendum, has it occurred to you that there's a difference between a targeted attack on a specific, high-profile target and mass attacks in the hopes of getting one thing of value out of thousands of accounts compromised? That, maybe, just MAYBE, there's a different level of attention and time investment if you're hacking the Pentagon vs. a random WoW account that may or may not have the slightest value?

    Nah, the pentagon, Joe Gamer's laptop... same thing, worthy of the same effort.

    To try to hammer this point through your skull, while it is possible someone could crack any system by sheer brute force if they don't have a moron running the system to do the work for them (for example, by following a link to "verify your account" that you got in an email), they won't do this unless it's a guaranteed high-value target. So, sorry, it's not "easy" for hackers to break into your system if you don't helpfully open the door for them. They won't try unless you've actually got something worth considerable effort. On the other hand, using a zombie botnet to send out ten million phishing emails costs very little, especially since, as this thread shows, there's people out there dumb enough to fall for it.

    Oh, wait, you could be hacked if you install add ons. Please note "if YOU install add-ons". Once you've compromised your system by installing untrusted software, you have no one to blame but yourself. I use no add-ons with WoW.  None. Zip. Zero. One, I'm too lazy to bother researching which ones are good, two, as you note, they're huge security holes. "Oh, gosh, I'll let this software written by J. Random Luser have full administration rights on my machine. What could POSSIBLY go wrong?"

    Does anyone have any evidence there's any sort of "inside job" (and what would be the point? To sell cheap authenticators? The cost in customer service alone sucks up any potential profit!), aside from the perfectly sound and solid logic of "Dur, dey be a big company and i r scared uv big companies and i do not no wut is meens reh-sponsy-billitty"? Not "Well, I'm CERTAIN!", but actual proof you could provide in a court of law? Because if you've got it, you've got the mother of all class action lawsuits. If you don't got it... and, let's be real here, you DON'T -- you're just another moron on the Internet broadcasting your ignorance to the world.

    No, the fact you used your email "just for WoW" isn't proof. Collecting valid email addresses by sheer brute force is trivial. I regularly get phishing scams for banks I've never even HEARD of, much less had accounts with.

  • tyrannistyrannis Member Posts: 198

    It's your fault you got hacked. Look in the mirror before you start tossing blame. I know it's hard for your type.

     

    ##Best SWTOR of 2011
    Posted by I_Return - SWTOR - "Forget the UI the characters and all of the nitpicking bullshit" "Greatest MMO Ever Created"

    ##Fail Thread Title of 2011
    Originally posted by daveospice
    "this game looks like crap?"

  • severiusseverius Member UncommonPosts: 1,516

    Been playing off and on now since beta and have never had my account hacked and seriously doubt it ever will be hacked.  People go to shady websites, gold farming websites, or powerleveling services and act surprised when they start having issues.  If your account is hacked in World of Warcraft it is most likely your fault, and if you think you'll do better in a game from Korea or China you are sadly mistaken.

    Look, it sucks.  But computers are tools and if you do not know how to use your computer and do not take the necessary steps to protect yourself online then you have absolutely no business using a computer in the first place because, there is far more at stake than your little wow account.  I suggest you check your credit reports because most likely you have given access to your bank accounts and credit card accounts as well.

    This may seem harsh but it is reality.

  • upallnightupallnight Member Posts: 1,154

    Originally posted by BizkitNL

    Originally posted by bomj

    I went back to playing WOW after 4 years out of boredom.  I wanted some mindless effortless fun.  I had been playing for 2 months and found out yesterday my account is hacked and my level 70 toons from before are gone.  The current level 20 toon i was playing is also gone. 

    I called support and the call volume was so high they couldn't take my call.  I looked in the forums and see this is an epidemic.

    Who needs this hassle I can play RPM or Allods and not deal with this BS. 

    I had the same thing. Difference is, I emailed them and got my characters back in a few days.

    If you're not even gonna try, why complain?

    I am having EXACTLY the same trouble as others.

    And I have tried.  Been trying for over a week now.  I've gotten emails saying another email is on the way, and it never comes.  I respond and then get a form letter telling me how to change my spam settings.  No shit, you think I wouldn't have done that already???  Then I get the same email saying to look for the next email, and it does not come.

    I have called support a total of 4 times.  3 of the 4 times they said their call queue was full.  OMFG, are you serious?  How in the f'n world could that be?  Perhaps because others are having this same problem.  The one time I did get through, when it didn't hang up on me because their call queue was full I was on hold waiting for an hour and 10 minutes.  I finally gave up.

    So, I went to the WoW forums.  Surprise, it's full of people having the exact same problem.

    Now, here's the deal.  I'm wondering if and when this gets fixed, am I going to reopen my account only to find all my stuff gone?  I don't know.  And if it does happen, am I going to have to go through all of this again to finally get my stuff back?  And the biggest question is this, why am I going through this at all.  I'm 90% of the way to just giving up.

    What has happened.  Seriously, why are all these people having the same trouble all at once?  I'm intrigued if not also a bit worried.  What other information did this person who hacked my account get?


  • severiusseverius Member UncommonPosts: 1,516

    Originally posted by Ceridith

    Originally posted by Li-Su


    Originally posted by Ceridith


    Originally posted by Li-Su


    Originally posted by Ceridith


    Originally posted by CulannHS

    ...


     


    -------------------------------------------------------------------------------------------------------


     


    Ultimately the security of your account within the confines of your PC is your duty, not the game companies out there.  They've long since realized the things I've pointed out here, especially with regards to virus scanners, malware checkers, etc.  No program is going to find everything that can potentially compromise your account, and they realize that.  All they can hope to do is set a policy in place, and urge their customers to be safe and use safe computing habits.


     


    -------------------------------------------------------------------------------------------------------


     


     

    ....

    Any respectable IT professional with any shred of IT security knowledge knows that it is equally the responsibility of the user, and those who configure and maintain the system.

    Poor system security design, whether it be unintuitive, require unnecessary 'extra steps' for the user to ensure security, or just plain flawed with security gaps, it is still in part the responsibility of the administrators, even if the users are not doing all they can.

    Blizzard is guilty of this. Particularly in part due to their forced shift of requiring users to use their emails as usernames, rather than a unique and privately known username.

    You could argue that it's the user's fault for not making a 'separate email exclusively for their Battle.net account', but that's just a cop out. In this case it's unreasonable to expect users to have to shift their regular behavior, and go out of their way to stay secured. Why? Because things were fine the way they were before. The change was made at Blizzard's whim, for whatever reason, and the direct decision has created an additional gap in security, which users are expected to address. This is poor IT security management, plain and simple.

    While there is no solid theory to suggest that using email accounts as log in makes a game account vulnerable, I do have my personal hesitation when bnet conversion was announced.  Tell you what. Guildwars also use email accounts as log in names.  This method of login identification is not new.

    As a gamer, if you care about your account and are reasonably alert, you should know the risks when converting to bnet.  Making a separate email account, protecting it from day to day exposure and so on are reasonable acts of safety precaution.  If you do not lock your car properly and park it in dangerous zones, you are raising the odds that you will come back to find your car missing.

    WoW fan sites are being hacked, their member information (including email addresses and passwords) are stolen. If the passwords are hashed or encrypted, the hackers try to crack it. The hackers then take this information and try to login to the WoW account, failing that they try to breach the user's email using the same information to get another shot at compromising the WoW account. This method does work against those unfortunate enough to use the same email and/or password as their WoW account as they do with WoW related sites, and was less viable prior to the B.net conversion... hence the spike in hackings since the B.net conversion.

    I've been following this happening. WoW related fan or guild sites get breached, and then a wave of users have their accounts breached shortly thereafter. Sure it's easy to blame the users for using the same email, and/or password, but this simply wouldn't be happening if the B.net conversion didn't force usernames to be the email.

    So people stupid enough to use the same email address and password in registering guild forums are wise enough not to use same username and passwords.  Hmm funny logic.

    I agree, using email address makes me uncomfortable, not because of your reasoning.  I am uncomfortable b/c my login name is at the whim of a third party, say gmail yahoo or whatever (obviously I am not using those, that is why I quote them here).  I can hide my username for a game by never using it outside a game, but an email account, it is slightly possible that the privacy is compromised from events outside my control.  Frankly I am pretty sure blizz spend more effort protecting the login name password to wow than yahoo spend in protecting the email address (not password) list.

    Some of them do use the same usernames and/or passwords, and they have been hacked in the past. However, it's more common knowledge (even for those who seem to lack it) that your username and password should be unique and not reused. It's actually promoted usually, and stated when creating an account. Keep in mind as well, picking a unique username is a lot more simplistic and straightforward than setting up a new email via a third party every time you want to create a new account for something that uses email as the login name.

    My biggest gripe about the change to the username is that it was wholly unnecessary. There's no reason why Blizzard couldn't have just let us pick a new username for our B.net account. It was an arbitrary decision that simply added a security gap, when the previous method was working perfectly fine.

    It is only a security gap if you failed to make a special email address for battle.net lol.  Not like Hotmail, Gmail, yahoo, or any of the dozens of other free email providers available put a limit on the ones you can have, hell even comcast gives you a dozen or so free email accounts lol.  And if someone is dumb enough to use the same password across games and across forums and email accounts etc, well, all I can say is I hope they don't breed.... we have enough stupid people in the world already. :)
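
The fan-site breach replay argued over in the quoted posts above, seen from the service operator's side: given a leaked third-party credential list, which game accounts have their login identifier exposed, and which also still use the leaked password. This is an added example, not code from the thread or from Blizzard; the account records, the breach entries and the `triage` helper are constructed for illustration, and the leaked passwords are assumed to have been recovered in plaintext.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # kept low so the example runs quickly; tune upward in production


def hash_password(password):
    """Return (salt, digest) as the game service would store it."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def verify_password(password, record):
    """Constant-time check of a candidate password against a stored record."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def normalise(identifier):
    return identifier.strip().lower()


def triage(accounts, breach, login_field):
    """Classify every account against a third-party breach list.

    login_field is the attribute the service uses as login name:
    "username" (a privately chosen name) or "email".
      not_exposed : the login identifier does not appear in the breach
      notify      : identifier leaked, but the leaked password does not match
      force_reset : identifier leaked AND the leaked password still works
    """
    leaked = {}
    for entry in breach:
        leaked.setdefault(normalise(entry[login_field]), []).append(entry["password"])

    result = {}
    for acct in accounts:
        candidates = leaked.get(normalise(acct[login_field]))
        if candidates is None:
            result[acct["id"]] = "not_exposed"
        elif any(verify_password(p, acct["pw"]) for p in candidates):
            result[acct["id"]] = "force_reset"
        else:
            result[acct["id"]] = "notify"
    return result


# Constructed game-service accounts (all names and passwords are made up).
ACCOUNTS = [
    # Reuses email and password on the fan site, but a different username there.
    {"id": "A1", "username": "thrall_fan", "email": "ana@example.test",
     "pw": hash_password("hunter2!")},
    # Reuses email and username, but has a password unique to the game.
    {"id": "A2", "username": "bo77", "email": "bo@example.test",
     "pw": hash_password("k9#Vt!unique")},
    # Dedicated game-only email and username; same password as the fan site.
    {"id": "A3", "username": "cy", "email": "cy-game@example.test",
     "pw": hash_password("sameEverywhere1")},
    # Reuses email, username and password everywhere.
    {"id": "A4", "username": "dee", "email": "dee@example.test",
     "pw": hash_password("letmein99")},
]

# Constructed fan-site breach entries.
BREACH = [
    {"email": "ana@example.test", "username": "ana_guild", "password": "hunter2!"},
    {"email": "Bo@Example.test", "username": "bo77", "password": "forumOnly123"},
    {"email": "cy@example.test", "username": "cy_forum", "password": "sameEverywhere1"},
    {"email": "dee@example.test", "username": "dee", "password": "letmein99"},
]

if __name__ == "__main__":
    for field in ("username", "email"):
        print(field, triage(ACCOUNTS, BREACH, field))
```

Account A1 is the case the posts disagree about: it is untouched while the login name is a private username and becomes a forced reset once the login name is the email address, whereas A3 (dedicated email) stays unexposed and A4 (everything reused) is exposed under either scheme.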

  • upallnightupallnight Member Posts: 1,154

    Originally posted by Anubisan

    Originally posted by Ceridith


    Originally posted by gauge2k3

    No one hacked blizzard servers, otherwise your bank account would be empty too.  You downloaded a keylogger on accident and lost your account to it.  Just like every other person who doesn't deserve to be on the internet without taking some sort of class.

    There are several more ways than a keylogger that can result in an account breach. The fact that you don't acknowledge this is proof that you technically fall into the same group of people that 'don't deserve to be on the Internet without taking some sort of class'.

    The bank account statement is also rather humorous... the reason why these people target WoW accounts and not bank accounts, which they could likely just as 'easily' do, is because it's not a federal/international crime to breach a WoW account, like it is a bank account.

    Besides, blaming the victim is all well and good, until you become one yourself. It will happen eventually, if not for your WoW account, then for one of your online accounts. With the rate at which cyber crime is going, it will eventually happen to everyone. Just remember your words when it does happen to you.

    Contrary to popular belief, there are some of us whose game accounts have NEVER been hacked. This is because we follow certain self-enforced rules and approach everything cautiously. We know not to download add-ons that are not very well known and widely used or to give out our account information in response to legitimate-looking scam emails.

    While it is POSSIBLE that someone may be able to hack into your computer without relying on the above means, it is extremely unlikely and I would wager that 99.9% of all 'hacked' accounts are the fault of the user. Most of the people with the skills to do something like that without the use of a keylogger or scam don't really give a crap about people's WOW accounts...



    Well, if the time comes that your account does get hacked and you're like me, a person who NEVER added any addons, then we'll be here for you.  We understand a bit more than you're trying to.

    And if you think this isn't a big problem, go check the WoW forums.  Then you will see there is something else that is going on other than us not being as security smart as you are.


  • upallnightupallnight Member Posts: 1,154

    Originally posted by severius

    Originally posted by Ceridith


    Originally posted by Li-Su


    Originally posted by Ceridith


    Originally posted by Li-Su


    Originally posted by Ceridith


    Originally posted by CulannHS

    ...


     


    -------------------------------------------------------------------------------------------------------


     


    Ultimately the security of your account within the confines of your PC is your duty, not the game companies out there.  They've long since realized the things I've pointed out here, especially with regards to virus scanners, malware checkers, etc.  No program is going to find everything that can potentially compromise your account, and they realize that.  All they can hope to do is set a policy in place, and urge their customers to be safe and use safe computing habits.


     


    -------------------------------------------------------------------------------------------------------


     


     

    ....

    Any respectable IT professional with any shred of IT security knowledge knows that it is equally the responsibility of the user, and those who configure and maintain the system.

    Poor system security design, whether it be unintuitive, require unnecessary 'extra steps' for the user to ensure security, or just plain flawed with security gaps, it is still in part the responsibility of the administrators, even if the users are not doing all they can.

    Blizzard is guilty of this. Particularly in part due to their forced shift of requiring users to use their emails as usernames, rather than a unique and privately known username.

    You could argue that it's the user's fault for not making a 'separate email exclusively for their Battle.net account', but that's just a cop out. In this case it's unreasonable to expect users to have to shift their regular behavior, and go out of their way to stay secured. Why? Because things were fine the way they were before. The change was made at Blizzard's whim, for whatever reason, and the direct decision has created an additional gap in security, which users are expected to address. This is poor IT security management, plain and simple.

    While there is no solid theory to suggest that using email accounts as log in makes a game account vulnerable, I do have my personal hesitation when bnet conversion was announced.  Tell you what. Guildwars also use email accounts as log in names.  This method of login identification is not new.

    As a gamer, if you care about your account and are reasonably alert, you should know the risks when converting to bnet.  Making a separate email account, protecting it from day to day exposure and so on are reasonable acts of safety precaution.  If you do not lock your car properly and park it in dangerous zones, you are raising the odds that you will come back to find your car missing.

    WoW fan sites are being hacked, their member information (including email addresses and passwords) are stolen. If the passwords are hashed or encrypted, the hackers try to crack it. The hackers then take this information and try to login to the WoW account, failing that they try to breach the user's email using the same information to get another shot at compromising the WoW account. This method does work against those unfortunate enough to use the same email and/or password as their WoW account as they do with WoW related sites, and was less viable prior to the B.net conversion... hence the spike in hackings since the B.net conversion.

    I've been following this happening. WoW related fan or guild sites get breached, and then a wave of users have their accounts breached shortly thereafter. Sure it's easy to blame the users for using the same email, and/or password, but this simply wouldn't be happening if the B.net conversion didn't force usernames to be the email.

    So people stupid enough to use the same email address and password in registering guild forums are wise enough not to use same username and passwords.  Hmm funny logic.

    I agree, using email address makes me uncomfortable, not because of your reasoning.  I am uncomfortable b/c my login name is at the whim of a third party, say gmail yahoo or whatever (obviously I am not using those, that is why I quote them here).  I can hide my username for a game by never using it outside a game, but an email account, it is slightly possible that the privacy is compromised from events outside my control.  Frankly I am pretty sure blizz spend more effort protecting the login name password to wow than yahoo spend in protecting the email address (not password) list.

    Some of them do use the same usernames and/or passwords, and they have been hacked in the past. However, it's more common knowledge (even for those who seem to lack it) that your username and password should be unique and not reused. It's actually promoted usually, and stated when creating an account. Keep in mind as well, picking a unique username is a lot more simplistic and straightforward than setting up a new email via a third party every time you want to create a new account for something that uses email as the login name.

    My biggest gripe about the change to the username is that it was wholly unnecessary. There's no reason why Blizzard couldn't have just let us pick a new username for our B.net account. It was an arbitrary decision that simply added a security gap, when the previous method was working perfectly fine.

    It is only a security gap if you failed to make a special email address for battle.net lol.  Not like Hotmail, Gmail, yahoo, or any of the dozens of other free email providers available put a limit on the ones you can have, hell even comcast gives you a dozen or so free email accounts lol.  And if someone is dumb enough to use the same password across games and across forums and email accounts etc, well, all I can say is I hope they don't breed.... we have enough stupid people in the world already. :)

    None of those apply to me.

    So what's your next accusation? 

    And again, have you gone and looked at the WoW forums to see how big a problem this is?  Do you think it could possibly, just possibly, be a Blizzard problem?

    Yes, some people just as smart as you got hacked.  Oh, no's!

Sign In or Register to comment.