Every day there seems to be someone complaining about getting hacked. I even know a guy in real life that has been hacked. I'm assuming that it's because of the third party add-ons that are "required" to play, but is that the reason or is there something else?
All you need is their email.
Copy and paste the email Blizzard sends when you change some info on your account except have the website they list redirect you to a site that looks pretty much exactly the same.
They'll enter their info.
You have a new account.
It's called phishing, and there are a lot of people who pay absolutely no attention to what they're doing.
Playing: *sigh* back to WoW -------- Waiting for: SW:TOR, APB, WoD --------- Played and loved: Eve and WoW -------- Played and hated: WoW:WotLK, Warhammer, every single F2P
I love it when people say they don't surf sites that are unsafe when this very site has had several issues with infected flash ads installing trojans on users' computers.
Sorry folks, there is no such thing as being safe on the internet. It doesn't matter what job you have or how many scanners you run. You are never safe and exposed to many threats that you most likely don't even understand.
I love it when people say they don't surf sites that are unsafe when this very site has had several issues with infected flash ads installing trojans on users' computers.
Sorry folks, there is no such thing as being safe on the internet. It doesn't matter what job you have or how many scanners you run. You are never safe and exposed to many threats that you most likely don't even understand.
I am 100% secure on any website I visit because of two words:
Macbook Pro.
Never argue with an idiot. He will drag you down to his level, then beat you with experience.
My account has been inactive for 4 months (as far as me using it) and I just got a "your account has been suspended for using a 3rd party hack" email from Blizzard.
Someone obviously took my account for a joy ride..
And are you SURE that email was from Blizzard? I have gotten MANY many emails saying THAT (and assorted other "scary" sounding things) and my account is just fine and dandy. So....I'm just sayin'.
People get ALL KINDS of "emails from Blizzard" saying all kinds of things about bans, suspensions, hacking, third party software usage, yada yada bullshit. And most of it is just that....bullshit.
I haven't played WoW since January of this year and I get 3-5 of those kinds of emails A DAY. I report them as phishing scams and go on my merry way. 3-5 is actually an improvement. Before I started reporting them as phishing attempts....I was getting double that. I have checked my account, however (not through any email link) and everything is fine. Yet I guarantee you....that I will get an email TOMORROW telling me it's been suspended, I've been banned, or there is some other sort of "suspicious" activity going on.....
/rolls eyes
I'm sorry if your account really WAS messed with, but you have to understand why it's hard not to be cynical. The latest greatest phishing scam for WoW right now.....is Cataclysm beta invites. I laughed at the first one I got....and I've continued to laugh almost every other day.
A Cataclysm Beta Invitation in my Inbox? This is the third one! I hope this one isn't fake, I've already sent my information to all the others.
Wow! This site just gives me gold for money? Awesome!
Oh, boy! I can get people to power level me to 80! I'll just submit my account information.
It happens.
Oh, it happens.
Yea, and it happened to me without ever doing anything ever except be a normal subscriber.
It's an issue that's on Blizzard's side by this point. Don't play anymore, but my account getting hijacked randomly ended my subscription pretty abruptly. Either they get a rein in on their security measures or lose money to it. Their choice.
I think we need to consider the fact that WoW brought in a lot of people who were not gamers and especially people who wanted to play it that aren't necessarily Internet Savvy...
How many housewives have I met that play WoW but barely know how to access the internet? Then of course there are tons of naive people that think just because something seems legitimate it must be so. Since the number of users who play WoW is so great even the simplest phishing email will garner some kind of result.
It's what happens when people want to just play WoW and don't care where the addons come from and believe things that in game people tell them. I'm sure there are quite a few people who get their kids to set the game up for them so that all they do is double click on the shortcut on the desktop, type in their very basic password and burn through a few hours of game time.
I believe this, I have a buddy that LOVES WoW but knows nothing about anything else computer related. He downloads all kinds of crap and thinks it's safe.
I think WoW's security is fine. People get hacked because WoW is a goldmine for phishers.
Think about it - you have millions of people, mostly people with fairly low computer skills. These people *all* have something valuable - a wow account and all the shinies that come with it. It's a scam waiting to happen.
The WoW forums are notorious for keyloggers, but such things are trivially easy to avoid if you run with good security settings and don't use IE. Same goes for e-mails, I was getting phishing e-mails every day for a span of about a couple weeks. Aside from the fact that I haven't played WoW since December they had all the usual signs of phishing mails - sending you to phony links, poor spelling, etc. Scam mails in-game... I don't see how anyone falls for these but people do. You get the idea.
In a way it's a good thing. It's better that people get scammed and learn the hard way when they get ripped off for something that has no real value in the big picture - their WoW account, rather than getting scammed out of their life savings by some nice person from Nigeria or getting their identity stolen or becoming an unwitting accomplice in some illegal money laundering activity or any of the other much more serious shenanigans that go on in the dark corners of the interwebs.
Well, there is definitely more to it than just people getting tricked by phishing e-mails, keylogged by add-ons, etc. I stopped playing WoW in early 2007, about 1 month after Burning Crusade came out. Near the end of last year my account was hacked, so that was about 2.5 years later. Yeah, I get tons of phishing e-mails, but I just ignore them. Hell, I almost disregarded the legitimate e-mail from Blizzard when my account was actually hacked because I figured it was just another phishing attempt.
I have 3 theories on how it might have happened:
1) I was keylogged back in 2007, but my subscription was already over so the hacker didn't want to pay to reactivate it, but still checked periodically to see if it was ever reactivated. He saw a Scroll of Resurrection cast on my account and seized the opportunity. Stupid friends for casting that without asking me first...but oh well. I am skeptical of this happening though since I'm pretty careful. I only ever used popular addons and only got them from curse.com, but it's still a possibility.
2) My information was leaked from a F2P company. I had been trying several F2P games at the time I was hacked, so maybe my information was leaked from one of them. I don't really think this happened as most of the F2P games I tried were from the bigger F2P companies and those actually seem to try to be even more secure: having virtual keyboards at logon, requiring different PINs for each character, etc.
3) My information was leaked from Blizzard itself. I already posted this scenario in another similar post, so I am not going to go too much into this theory since it wasn't well received last time and the more I thought about it, the more I am inclined to rule this one out altogether. I still list this one though since I find it odd that so many old inactive accounts were hacked around the same time.
So yeah, three theories, but none of them seem very likely, so I guess I am still pretty clueless as to how I was hacked.
Horusra, you seem to have a head on your shoulders and know something more than many of us do about the way add-ons work. Any idiot can post about add-ons not being able to do something because they are a particular type of file, really superficial information and seemingly given by rote. Conversely, most any player can say that add-ons have something to do with it and yet not know how. Since you seem to know a bit more about what's going on than many of us, why don't you open a thread and explain to us what you think is going on along with links to some helpful information? This would do us all a great service.
Just like any "idiot" can come on these boards and call other people idiots, when many of us are not. With the evolution of malicious activity I am sure that there are probably people developing ways to take advantage of every opportunity, including Lua. My point was that it is typically an included executable or DLL that is triggered by the user or the add-on to infect a system, rather than embedding a virus or Trojan in the mod code itself. There is enough information and talk about this stuff everywhere you look if you play WoW that there is no reason whatsoever for someone not to know how to look in the add-on folder to see what is there.
Wasn't there some scandal about hard drives from China having some trojan to steal WoW passwords in it? I think perhaps the sheer number of people playing it makes it very visible and targetable. I mean, which thief would target a low population game like Vanguard?
We have determined that your World of Warcraft account has been accessed/compromised by someone not authorized to do so by the World of Warcraft Terms of Use (http://www.worldofwarcraft.com/legal/termsofuse.html).
To protect your privacy and security, we have temporarily disabled this account. Any recurring subscriptions have been suspended to prevent further monetary charges. In order to regain access to the account, you must complete the steps below to secure the account and your computer.
Please keep this email for your reference until the account recovery process has been completed.
STEP 1: SECURE THE ACCOUNT, YOUR COMPUTER AND YOUR EMAIL ADDRESS
We now provide a secure website for you to verify that you have taken the appropriate steps to secure the account, your computer, and your email address. Please go to this site and follow the instructions:
We will contact you with further instructions once we have received and processed your submission. If you do not receive a reply within 48 hours of submitting this form, please resend it from the address listed above.
Please be aware that if unauthorized access to this account continues after the recovery process is complete, it may lead to further action against the account.
Regards,
Neil G.
Game Master Bahrdrak
Customer Services
Blizzard Entertainment
-------------------------------------
That's pretty well done. Unfortunately, "accountconfirm.com" is registered in China, as of today....
To the guy above me remove the EFFING LINKS !!!! Unless you are trying to get banned.
Answer to OP's question.
Reason?
Human nature is the reason why so many people get hacked.
People have/had a habit of using the same email account for many sites dealing with WoW or outside of WoW. Prior to Blizzard's forced changeover to the Battle Net accounts (where you use your email account as a user name) this information was pretty damn useless. Once people were forced to use the Battle Net system and its use of email accounts for usernames the rest was simple for hackers. Hell, I'd wager many probably already knew their victim and had their email address if not the same password they used on other forums and for their WoW password.
Games I've played/tried out: WAR, LOTRO, Tabula Rasa, AoC, EQ1, EQ2, WoW, Vanguard, FFXI, D&DO, Lineage 2, Saga Of Ryzom, EvE Online, DAoC, Guild Wars, Star Wars Galaxies, Hell Gate London, Auto Assault, Granado Espada (AKA SoTNW), Archlord, CoV/H, Star Trek Online, APB, Champions Online, FFXIV, Rift Online, GW2.
I think WOW's network has been compromised. At the time my account got hacked I had active accounts with Eve and EQII. And those accounts didn't get touched.
It happens too much to be a coincidence. Folks are saying Blizz's security is too tight, but if it's an employee doing it or selling access to the servers or a subcontractor that works on the server farms...remember people WITH authenticators are being hacked now.
A Cataclysm Beta Invitation in my Inbox? This is the third one! I hope this one isn't fake, I've already sent my information to all the others.
Wow! This site just gives me gold for money? Awesome!
Oh, boy! I can get people to power level me to 80! I'll just submit my account information.
It happens.
Oh, it happens.
Cute.
Funny thing is, I was hacked, and I don't fancy myself to be an idiot; I take careful precautions against infiltration of my system and theft of my personal information.
Now I suppose it's possible that there was a trojan within one of the addons I downloaded (from Curse.com, a reliable website), by chance, even though I only download the most mainstream addons and, in addition, I check every addon for .exe files to make sure they aren't malicious.
So how was I hacked?
I am really not sure, but I ended up purchasing a Blizzard Authenticator, much to my disgust, and I haven't been hacked since. I'm sure because WoW is such a high profile MMO that people have managed to compromise some aspect of its security in order to take advantage of its large player base, so yes, in that respect, it happens.
"We have determined that your World of Warcraft account has been accessed/compromised by someone not authorized to do so by the World of Warcraft Terms of Use" etc
And the thing is, I think mmorpg.com has been compromised. I use a different email address for everything I sign up to using my own domain. The email was sent to the one I used to sign up to this website, and it has never been used elsewhere.
So either this website has been hacked, or someone on the inside with access to email addresses is using them or onselling to account stealers.
Header info if anyone cares:
Delivered-To: mmorpg@mydomaint.net
Received: by 10.229.52.17 with SMTP id f17cs75619qcg; Sat, 24 Jul 2010
12:28:17 -0700 (PDT)
Received: by 10.213.22.18 with SMTP id l18mr4547502ebb.85.1279999696651; Sat,
24 Jul 2010 12:28:16 -0700 (PDT)
Return-Path: <rames_2008@hotmail.com>
Received: from blu0-omc2-s2.blu0.hotmail.com (blu0-omc2-s2.blu0.hotmail.com
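Added example, not part of any post in this thread: a Python sketch of the three checks posters describe here, namely a Return-Path that does not match the claimed sender, links whose real host is not an official domain, and a per-site address that shows which signup leaked. The sample message, the `.example` hosts, the alias table and the naive `base_domain` helper are constructed assumptions; the two official domains are the ones shown in links on this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains that appear in the genuine links quoted on this page.
OFFICIAL = {"worldofwarcraft.com", "battle.net"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+")

def base_domain(host):
    """Last two DNS labels. Naive assumption: ignores suffixes like co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def addr_domain(header_value):
    """Base domain of the address in a From/Return-Path style header."""
    addr = parseaddr(header_value or "")[1]
    return base_domain(addr.rsplit("@", 1)[1]) if "@" in addr else ""

def analyze(raw, alias_owner):
    """Return phishing indicators for one raw, single-part message.

    alias_owner maps each per-site address the reader created to the
    site it was given to (hypothetical table kept by the reader).
    """
    msg = message_from_string(raw)
    display = parseaddr(msg.get("From", ""))[0]
    from_dom = addr_domain(msg.get("From"))
    bounce_dom = addr_domain(msg.get("Return-Path"))
    # The mail claims the brand if either the address or the display name does.
    claims_brand = from_dom in OFFICIAL or "blizzard" in display.lower()

    off_brand = []
    for url in URL_RE.findall(msg.get_payload()):
        host = urlparse(url).hostname or ""
        # A lookalike such as us.battle.net.<other>.example reduces to the
        # attacker's base domain here, so it is flagged.
        if base_domain(host) not in OFFICIAL:
            off_brand.append(host)

    delivered = parseaddr(msg.get("Delivered-To", ""))[1].lower()
    return {
        # A missing Return-Path on a brand-claiming mail is flagged too.
        "sender_mismatch": claims_brand and bounce_dom not in OFFICIAL,
        "bounce_domain": bounce_dom,
        "off_brand_links": off_brand,
        "alias_given_to": alias_owner.get(delivered),
    }

# Constructed sample modelled on the bogus mail quoted in this thread.
SAMPLE = """\
Delivered-To: mmorpg@reader-domain.example
Return-Path: <someone@freemail.example>
From: "Blizzard Entertainment" <support@worldofwarcraft.com>
To: mmorpg@reader-domain.example
Subject: Account notice

Greetings,
We have determined that your account has been accessed by someone not
authorized to do so by the Terms of Use
(http://www.worldofwarcraft.com/legal/termsofuse.html).
Please go to this site and follow the instructions:
http://us.battle.net.account-confirm.example/login
"""

# Constructed alias table: one address per site the reader signed up to.
ALIASES = {"mmorpg@reader-domain.example": "mmorpg.com"}

if __name__ == "__main__":
    for key, value in analyze(SAMPLE, ALIASES).items():
        print(f"{key}: {value}")
```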
A Cataclysm Beta Invitation in my Inbox? This is the third one! I hope this one isn't fake, I've already sent my information to all the others.
Wow! This site just gives me gold for money? Awesome!
Oh, boy! I can get people to power level me to 80! I'll just submit my account information.
It happens.
Oh, it happens.
I understand that these are a few reasons people get hacked, but a few years ago when I got hacked, I never once did any of that... so there are other ways they do it.
The problem is 2 fold.
First, your login is now an e-mail address. This means that it's easier to get someone's login name. Let's face it, not many keep game and everyday e-mail addresses different.
Secondly, it's pretty easy when you're tired or not exactly paying attention to click on something you shouldn't. Simple examples: all those e-mails people are getting offering all kinds of things from beta access to Cat, or the others saying your WoW account has been compromised. Follow the link and enter your info and boom, someone has just got your account info.
So it's not entirely Blizzard's fault. It's also not entirely the end user's fault either, because it's incredibly easy to make a mistake.
The lesser of two evils is still evil.
There is nothing more dangerous than a true believer.
I used to call people idiots too....
Until I get phished one day.
Been playing MMORPGs since Ragnarok Online when I was in grade 9 or 10 in high school. I'm now graduating from university. I've NEVER gotten phished before.....until that one day.
Irony in this, is that I know how to program trojans and other evil things, I'm still at a huge loss as to how the hell my account was ever compromised.
I find it very hard to believe that Blizzard does not know how to properly encrypt information. But I haven't played WoW in over a year and haven't had any issues, then I transferred my account to a newly created battle.net account. Shortly after my account password was changed, characters deleted, and an authenticator placed on my account.
Maybe this was somehow my fault, I hope so at least, because if Blizzard can't hire a cryptographer with half a brain, they have some serious issues. On the bright side, they fixed everything.
East Carolina University, Computer Science BS, 2011
--------------------
Current game: DAOC
Games played and quit: L2, PlanetSide, RF Online, GuildWars, SWG, COH/COV, Vanguard, LOTRO, WoW, WW2 Online, FFXI, Auto-Assault, EVE Online, ShadowBane, RYL, Rappelz, Last Chaos, Myst Online, POTBS, EQ2, Warhammer Online, AoC, Aion, Champions Online, Star Trek Online, Allods, Darkfall.
Waiting on: Earthrise
Names: Citio, Goldie, Sportacus
It's largely poor WoW security; their customer information protection is weak and easy to prey on.
But a larger reason is it is a lucrative market with a lot of money to be made; this is the main reason. This is like Mac vs Windows virus or hacking.
More Windows systems have viruses. This occurs for more than one reason:
1) There are more Windows systems (there are more WoW accounts and people playing WoW)
2) Due to the more Windows computers, more people write viruses for or hack Windows systems (because of the size of WoW and amount of money to be made, more people hack WoW accounts)
3) Larger % of the population using a type of computer = more people with little experience with the knowledge to protect their computer (larger % of the population playing WoW, a large number of people who download bad addons and protect their login/etc, protect their computer from virtual property infringement). Why not use the word theft? Because it must be a physical good stolen, oddly enough. Others might call it intellectual property etc.
Anyway, just to address this so I don't hear any QQing. The CanSecWest and Pwn2Own competition happens like every year, and Mac OS are hacked first and fast every year. They are not secure at all. Now Windows is not top man; that spot for personal OS is held by Linux every year.
http://cansecwest.com/
"Society in every state is a blessing, but government even in its best state is but a necessary evil; in its worst state an intolerable one ..." - Thomas Paine
Wow! Without having read every page to know if this has been stated, I liken it to Windows vs Linux. People could put a virus onto Linux, but why would they? Hackers want to bring down the biggest fish - and gold farmers want to hit the game with the most profit potential. It's that simple.
Now, one could argue that Bliz's method of handling the issue is by making authenticators rather than adding better security into the game and thereby giving themselves more profit. I would think that is probably a correct statement. That said, the authenticator is cheap and a VERY good method of protecting people from hackers and their own stupidity.
Question: Why would someone pay $25 for a pretty see-through mount but not pay $6.50 for an authenticator?
I was pleasantly surprised when I went from Apprentice to full 5 star Elite in under 2 months. I was pleasantly surprised again when I went from Elite to just barely Hardcore in 2 weeks. Apprentice, here I come!
lol! You beat me to it!
I was pleasantly surprised when I went from Apprentice to full 5 star Elite in under 2 months. I was pleasantly surprised again when I went from Elite to just barely Hardcore in 2 weeks. Apprentice, here I come!
I think WoW's security is fine. People get hacked because WoW is goldmine for phishers.
Think about it - you have millions of people, mostly people with fairly low computer skills. These people *all* have something valuable - a wow account and all the shinies that come with it. It's a scam waiting to happen.
The WoW forums are notorious for keyloggers, but such things are trivially easy to avoid if you run with good security settings and don't use IE. Same goes for e-mails, I was getting phishing e-mails every day for a span of about a couple weeks. Aside from the fact that I haven't played WoW since December they had all the usual signs of phishing mails - sending you to phony links, poor spelling, etc. Scam mails in-game... I don't see how anyone falls for these but people do. You get the idea.
In a way it's a good thing. It's better that people get scammed and learned the hard way when they get ripped off for something that has no real value in the big picture - their WoW account, rather than getting scammed out of their life savings by some nice person from Nigeria or getting their identity stolen or becoming an unwitting accomplice in some illegal money laundering activity or any of the other much more serious shenanigans that go on in the dark corners of the interwebs.
Well, there is definately more to it than just people getting tricked by phishing e-mails, keylogged by add-ons, etc. I stopped playing WoW in early 2007, about 1 month after Burning Crusade came out. Near the end of last year my account was hacked, so that was about 2.5 years later. Yeah, I get tons of phishing e-mails, but I just ignore them. Hell, I almost disregarded the legitamate e-mail from Blizzard when my account was actually hacked because I figured it was just another phishing attempt.
I have 3 theories on how it might have happened:
1) I was keylogged back in 2007, but my subscription was already over so the hacker didn't want to pay to reactivate it, but still checked periodically to see if it was ever reactivated. He saw a Scroll of Resurrection cast on my account and seized the oppurtunity. Stupid friends for casting that without asking me first...but oh well. I am skeptical of this happening though since I'm pretty careful. I only ever used popular addons and only got them from curse.com, but its still a possibility.
2) My information was leaked from a F2P company. I had been trying several F2P games at the time I was hacked, so maybe my information was leaked from one of them. I don't really think this happened as most of the F2P games I tried were from the bigger F2P companies and those actually seem to try to be even more secure: having virtual keyboards at logon, requiring different PINs for each characters, etc.
3) My information was leaked from Blizzard itself. I alread posted this scenario in another similar post, so I am not going to go too much into this theory since it wasn't well received last time and the more I thought about it, the more I am inclined to rule this one out altogether. I stil list this one though since I find it odd that so many old inactive accounts were hacked around the same time.
So yeah, three theories, but none of them seem very likely, so I guess I am still pretty clueless as to how I was hacked.
Just like any "idiot" can come on these boards and call other people idiots, when many of us are not. With the evolution of malicious activity I am sure that there are probably people developing ways to take advantage of every opportunity, including Lua. My point was that it is typically an included executable or DLL that is triggered by the user or the add-on to infect a system, rather than embedding a virus or Trojan in the mod code itself. There is enough information and talk about this stuff everywhere you look if you play WoW that there is no reason whatsoever for someone not to know how to look in the add-on folder to see what is there.
Wasn't there some scandal about hard drives from China having some trojan to steal WoW passwords in it? I think perhaps the sheer number of people playing it makes it very visible and targetable. I mean, which thief would target a low population game like Vanguard?
Here's a bogus email I got today......
-------
From:
"Blizzard Entertainment"
To:(me)
Greetings,
We have determined that your World of Warcraft account has been accessed/compromised by someone not authorized to do so by the World of Warcraft Terms of Use (http://www.worldofwarcraft.com/legal/termsofuse.html).
To protect your privacy and security, we have temporarily disabled this account. Any recurring subscriptions have been suspended to prevent further monetary charges. In order to regain access to the account, you must complete the steps below to secure the account and your computer.
Please keep this email for your reference until the account recovery process has been completed.
STEP 1: SECURE THE ACCOUNT, YOUR COMPUTER AND YOUR EMAIL ADDRESS
Account compromises most often occur when a player shares login information with an unauthorized third party or plays on a computer that has a virus, Trojan, or key-logger. We recommend following the http://us.battle.net/security/checklist.html on our Account Security site at http://us.battle.net/security/index.html.
STEP 2: RECOVER THE ACCOUNT
We now provide a secure website for you to verify that you have taken the appropriate steps to secure the account, your computer, and your email address. Please go to this site and follow the instructions:
http://eu.blizzard.accountconfirm.com/login.html?ticket=ecyjfwwr131jnn57f7ya2forxytxxm9xhtts53gibl0hj4qfgrizqsnhbftb
STEP 3: VERIFY YOUR SUBMISSION WAS RECEIVED
We will contact you with further instructions once we have received and processed your submission. If you do not receive a reply within 48 hours of submitting this form, please resend it from the address listed above.
Please be aware that if unauthorized access to this account continues after the recovery process is complete, it may lead to further action against the account.
Regards,
Neil G.
Game Master Bahrdrak
Customer Services
Blizzard Entertainment
-------------------------------------
That's pretty well done. Unfortunately, "accountconfirm.com" is registered in China, as of today....
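The link in the email quoted above puts the brand name in a subdomain of an unrelated domain. As an added example (not part of the original post), this Python sketch classifies each link by its registrable domain; the `TRUSTED` allowlist and the two-label domain rule are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the reader's own allowlist of official domains.
TRUSTED = {"blizzard.com", "battle.net", "worldofwarcraft.com"}

# Constructed sample: links as they appear in the quoted email, ticket value replaced.
SAMPLE = """\
Terms of Use (http://www.worldofwarcraft.com/legal/termsofuse.html).
Account Security site at http://us.battle.net/security/index.html.
http://eu.blizzard.accountconfirm.com/login.html?ticket=EXAMPLE
"""

def registrable(host):
    """Naive registrable domain: last two labels. Real code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def classify_links(text):
    """Map each linked hostname to 'trusted', 'lookalike' or 'unknown'."""
    verdicts = {}
    for url in re.findall(r"https?://[^\s)>\"]+", text):
        host = (urlsplit(url.rstrip(".,")).hostname or "").lower()
        if registrable(host) in TRUSTED:
            verdicts[host] = "trusted"
        elif any(t.split(".")[0] in host for t in TRUSTED):
            # A brand name used as a subdomain or substring of someone else's domain.
            verdicts[host] = "lookalike"
        else:
            verdicts[host] = "unknown"
    return verdicts

if __name__ == "__main__":
    for host, verdict in classify_links(SAMPLE).items():
        print(f"{verdict:9} {host} (registrable: {registrable(host)})")
```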
To the guy above me remove the EFFING LINKS !!!! Unless you are trying to get banned.
Answer to OP's question.
Reason?
Human nature is the reason why so many people get hacked.
People have/had a habit of using the same email account for many sites dealing with WoW or outside of WoW. Prior to Blizzard's forced change over to the Battle Net accounts (where you use your email account as a user name) this information was pretty damn useless. Once people were forced to use the Battle Net system and its use of email accounts for usernames the rest was simple for hackers. Hell I'd wager many probably already knew their victim and had their email address if not the same password they used on other forums and for their WoW password.
Games I've played/tried out:WAR, LOTRO, Tabula Rasa, AoC, EQ1, EQ2, WoW, Vangaurd, FFXI, D&DO, Lineage 2, Saga Of Ryzom, EvE Online, DAoC, Guild Wars,Star Wars Galaxies, Hell Gate London, Auto Assault, Grando Espada ( AKA SoTNW ), Archlord, CoV/H, Star Trek Online, APB, Champions Online, FFXIV, Rift Online, GW2.
Game(s) I Am Currently Playing:
GW2 (+LoL and BF3)
I think WOW's network has been compromised. At the time my account got hacked I had active accounts with Eve and EQII. And those accounts didn't get touched.
It happens too much to be a coincidence. Folks are saying Blizz's security is too tight, but if it's an employee doing it or selling access to the servers or a subcontractor that works on the server farms...remember people WITH authenticators are being hacked now.
Haradek Shadowstalker
EQ,EQII,SWG,AO,DAOC,Planetside,COH,WOW
Cute.
Funny thing is, I was hacked, and I don't fancy myself to be an idiot; I take careful precautions against infiltration of my system and theft of my personal information.
Now I suppose it's possible that there was a trojan within one of the addons I downloaded (from Curse.com, a reliable website), by chance, even though I only download the most mainstream addons and, in addition, I check every addon for .exe files to make sure they aren't malicious.
So how was I hacked?
I am really not sure, but I ended up purchasing a Blizzard Authenticator, much to my disgust, and I haven't been hacked since. I'm sure because WoW is such a high profile MMO that people have managed to compromise some aspect of its security in order to take advantage of its large player base, so yes, in that respect, it happens.
Oh, it happens.
I also got the email
"Greetings,
We have determined that your World of Warcraft account has been accessed/compromised by someone not authorized to do so by the World of Warcraft Terms of Use" etc
And the thing is, I think mmorpg.com has been compromised. I use a different email address for everything I sign up to using my own domain. The email was sent to the one I used to sign up to this website, and it has never been used elsewhere.
So either this website has been hacked, or someone on the inside with access to email addresses is using them or onselling to account stealers.
Header info if anyone cares:
Delivered-To: mmorpg@mydomaint.net
Received: by 10.229.52.17 with SMTP id f17cs75619qcg; Sat, 24 Jul 2010
12:28:17 -0700 (PDT)
Received: by 10.213.22.18 with SMTP id l18mr4547502ebb.85.1279999696651; Sat,
24 Jul 2010 12:28:16 -0700 (PDT)
Return-Path: <rames_2008@hotmail.com>
Received: from blu0-omc2-s2.blu0.hotmail.com (blu0-omc2-s2.blu0.hotmail.com
[65.55.111.77]) by mx.google.com with ESMTP id
x47si4344341eeh.76.2010.07.24.12.28.15; Sat, 24 Jul 2010 12:28:16 -0700 (PDT)
Received-SPF: pass (google.com: domain of rames_2008@hotmail.com designates
65.55.111.77 as permitted sender) client-ip=65.55.111.77;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
rames_2008@hotmail.com designates 65.55.111.77 as permitted sender)
smtp.mail=rames_2008@hotmail.com
Received: from BLU0-SMTP16 ([65.55.111.72]) by blu0-omc2-s2.blu0.hotmail.com
with Microsoft SMTPSVC(6.0.3790.4675); Sat, 24 Jul 2010 12:28:14 -0700
X-Originating-IP: [222.69.162.162]
X-Originating-Email: [rames_2008@hotmail.com]
Message-ID: <BLU0-SMTP1665A8BA0E0337AD367D81F2A40@phx.gbl>
Return-Path: rames_2008@hotmail.com
Received: from ob ([222.69.162.162]) by BLU0-SMTP16.blu0.hotmail.com over TLS
secured channel with Microsoft SMTPSVC(6.0.3790.4675); Sat, 24 Jul 2010
12:28:05 -0700
Reply-To: <WoWAccountEU@review.blizzard.com>
From: "WoWAccountEU@review.blizzard.com" <WoWAccountEU@review.blizzard.com>
To: <mmorpg@mydomain.net>
Subject: Battle.net -- Account Security Issue
Date: Sat, 24 Jul 2010 14:27:39 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0F39_01B6AC4B.1FD02950"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.5512
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
X-OriginalArrivalTime: 24 Jul 2010 19:28:07.0614 (UTC)
FILETIME=[582C2DE0:01CB2B66]
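In the headers quoted above, `spf=pass` applies to the envelope sender at hotmail.com, not to the blizzard.com address shown in `From:`. As an added example (not part of the original post), this Python sketch runs that alignment check on a constructed subset of those headers; the two-label domain rule and the finding names are assumptions.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample: a subset of the headers quoted in the post, properly folded.
RAW = """\
Return-Path: <rames_2008@hotmail.com>
Authentication-Results: mx.google.com; spf=pass (google.com: domain of
 rames_2008@hotmail.com designates 65.55.111.77 as permitted sender)
 smtp.mail=rames_2008@hotmail.com
Reply-To: <WoWAccountEU@review.blizzard.com>
From: "WoWAccountEU@review.blizzard.com" <WoWAccountEU@review.blizzard.com>
Subject: Battle.net -- Account Security Issue

(body omitted)
"""

def org_domain(addr):
    """Naive organizational domain: last two labels of the part after '@'.
    Assumption for brevity; real code should use the Public Suffix List."""
    host = addr.rsplit("@", 1)[-1].strip("<>[] ").lower()
    return ".".join(host.split(".")[-2:])

def analyze(raw):
    """Compare the visible From: domain with the domain SPF actually vouched for."""
    msg = email.message_from_string(raw)
    from_dom = org_domain(parseaddr(msg["From"])[1])
    env_dom = org_domain(parseaddr(msg["Return-Path"])[1])
    auth = " ".join((msg["Authentication-Results"] or "").split())  # unfold
    spf = re.search(r"\bspf=(\w+)", auth)
    mailfrom = re.search(r"smtp\.mail(?:from)?=(\S+)", auth)
    spf_result = spf.group(1) if spf else "none"
    spf_dom = org_domain(mailfrom.group(1)) if mailfrom else env_dom
    findings = []
    if env_dom != from_dom:
        findings.append("envelope-sender-mismatch")
    if spf_result == "pass" and spf_dom != from_dom:
        # SPF passed, but for a domain other than the one the reader sees.
        findings.append("spf-pass-not-aligned")
    return {"from": from_dom, "envelope": env_dom,
            "spf": spf_result, "spf_domain": spf_dom, "findings": findings}

if __name__ == "__main__":
    print(analyze(RAW))
```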
ok i'll "bear" with you, you mean care bear with you? I'll bear with you as soon as you learn how to spell the word "bare"
and the reason why everyone is getting hacked is because of the data base addons like wow head The gatherer and gear score.
If you got lucky and didn't get hacked good for you .
I understand that these are a few reasons people get hacked, but a few years ago when I got hacked, I never once did any of that... so there are other ways they do it.
Money.
Vault-Tec analysts have concluded that the odds of worldwide nuclear armaggeddon this decade are 17,143,762... to 1.