Ideally every single one of your passwords should be something along the lines of "@s;2^Zi6G'"
DAMNIT. Now I have to change my password. THANKS.
________________________ Two atoms walk out of a bar. The first exclaims, "Damn, I forgot my electrons." The other replies, "You sure?". The first explains, "Yea, I'm positive."
just so u know its common knowledge that blizzard sells your private info to goldsellers and has people in its staff that sell your account info to third parties.
to give u a example. like most people that has played wow some before but quite i receive tons of the battle.net and wow account spam mail. since i will not ever play the game again i just delete it (those go to spam folder anyway). so starcraft 2 comes out i decide to get it since wasmt anything else any good that month coming out. so when i regester ingame for a account i use my new email that im switching stuff to so its a email with no ties to wow at all so i get none of that spam. with in a week my new email starting getting those phlising emails. thats why for me ill never touch another blizzard product. at the least they got someone on the inside selling peoples emails to plishers. so ive closed down that email and threw away my SC2 game after i beat it and use a new email for the 2 sites i buy games from and whola havent received any plishing emails for it ever in month i used it.
I've been a player since open beta myself. I watch porn, torrent movies, and everything else on my PC. Been using my PC for a good 15 years now. Never got a virus...until about 5 months ago. I was at work and got a text that a character of mine logged in and took some items out of the gbank, logged off, and apparently got transferred. I have no idea where I got the keylogger. Don't feel comfortable using SpyBot and AdAware on my work PC because I don't want it to interfere with the software I have on it, but cleared my PC at my house. That night I went out and got Win 7, wiped my PC, and started over. Then ordered my authenticator. Haven't had a problem since
Still now I have no idea where that keylogger came from. For all I know, its still on my work computer.
Do you use a sandbox style program to run that kind of stuff in such as Sandboxie? You are cruisin' for a bruisin' if you aren't. And as always make sure to run Firefox with the NoScript add-on. There is a picture below of the location of that add-on.
just so u know its common knowledge that blizzard sells your private info to goldsellers and has people in its staff that sell your account info to third parties.
to give u a example. like most people that has played wow some before but quite i receive tons of the battle.net and wow account spam mail. since i will not ever play the game again i just delete it (those go to spam folder anyway). so starcraft 2 comes out i decide to get it since wasmt anything else any good that month coming out. so when i regester ingame for a account i use my new email that im switching stuff to so its a email with no ties to wow at all so i get none of that spam. with in a week my new email starting getting those phlising emails. thats why for me ill never touch another blizzard product. at the least they got someone on the inside selling peoples emails to plishers. so ive closed down that email and threw away my SC2 game after i beat it and use a new email for the 2 sites i buy games from and whola havent received any plishing emails for it ever in month i used it.
so long story summed up screw blizzard.
We have a winner... the most stupid comment award goes to...
So, I've been informed by friends that still play WoW that my WoW account is logged in and playing. This is the second time this has happened in 6 months. I don't play WoW any more and haven't for 2 years, I don't log in to my Battle.net account, I don't have malware on my computer, and I don't fall for the phishing emails. This literally just happens with no interaction on my part.
So what is going on over at Blizzard? Am I some isolated case or is this common? This never happened before the switch over to Battle.net. It's pretty annoying too, because I have to waste time getting the account back...
/endrant
I have been noticing a trend lately. Last year is when blizzard was doing there conversion to battle.net for WoW. They sent emails out giving intructions that all accounts are going to battle.net and that they needed the account holder to register the WoW account email with the battle.net site. I have noticed a few of my friends didnt do that and they are the ones that have gotten there accounts hacked.
Not sure if that was just a coincidence or not.
Also, if you care about your account, when you get it back I would consider purchasing the $6.50 Token device at the blizzard store. If you are not familiar with it, its essentially a secondary password device for all your accounts on battle.net. The device has a serial number on it and you register it to your battle.net account.
When you log in to Battle.net, WoW or StarCraft 2 using your normal username/email and password another window will pop up asking you for the Authentication number on your token. You press a button on token and it gives you a 6 digit number to enter into the authentication window. After that you are in. By the way, the number on your token is different everytime you press the number, so your account is hack free.
I wish more P2P mmorpg games would go to this method. I know how frustrating it is to be hacked into and having to jump through hurdles to get your account back as I had my EQ2 account, before they went free to play, hacked
Here is what the token looks like for those who never seen or heard of such a device.
The only thing you need to gain access to someones account is thier email that's associated with the account. With that email you can change someones password, and gain access to the account. Blizz doesn't require you to verify that you're changing the account password before it takes effect; you only do something if you didn't change the password. You don't even have to have access to the email itself.
If the email gets dumped into spam, or if you don't check your email often, it's quite easy to lose control of your account.
This happend to me several months ago. It wasn't a virus, it wasn't phishing, it was as simple as someone changed my password.
I recieved a notice from blizzard that my account had been suspended for spamming. When I went to log into the account the password had been changed. I went back and looked; sure enough there was an email from blizzard telling me that my password had changed. I then changed the account password again, and was shocked to find that I didn't have to verify that it was even me doing it. Changed the password, cancelled the account; which in itself was odd considering I didn't even activate it.
Never had this happen until after I linked my wow account to the battle.net account.
When i tried to call blizzard I got a message to call back because their call volume was to high and they didn't have enough people to handle it.
Blizzard has history of stuff like this happening, and it's not entirely the end user, people just refuse to believe that a lot of people lose control of thier WoW accounts through absolutely no fault of thier own.
There is a reason that they now have the authenticator, and ti's not just because of phishing and viruses.
To change the password of an account, you have to click an "okay" link, so what you're saying is false.
If they have access to your email, they can click the link for said confirmation email.
So what they said is actually true.
And that's why Battle.net using an e-mail as username for login authentication is a dirt stupid thing to do. It used to be that even if you knew someone's username and requested a password change/reset, you still didn't necessarily know where the e-mail went. Now they know exactly where it goes because the e-mail the battle.net account is tied to, is the username of the account.
Not to mention, it's significantly easier to track down an e-mail account than it is a private username... even if it's an email used for a single purpose.
Derp.
IT security at it's worst, brought to you by Blizzard.
An adversary must guess the user's email password in order to pull this off as a link in the email sent must be clicked to confirm the password change. If a user is using a easily guessable password, poor email provider, or the same password everywhere for an authentication technique that is used industry wide, that is their problem.
Blizzard Authenticator! They are dirt cheap. Random, one time use passwords are the best security there is aside from unplugging.
Forever looking for employment. Life is rather dull without it.
Comments
DAMNIT. Now I have to change my password. THANKS.
________________________
Two atoms walk out of a bar. The first exclaims, "Damn, I forgot my electrons." The other replies, "You sure?". The first explains, "Yea, I'm positive."
just so u know its common knowledge that blizzard sells your private info to goldsellers and has people in its staff that sell your account info to third parties.
to give u a example. like most people that has played wow some before but quite i receive tons of the battle.net and wow account spam mail. since i will not ever play the game again i just delete it (those go to spam folder anyway). so starcraft 2 comes out i decide to get it since wasmt anything else any good that month coming out. so when i regester ingame for a account i use my new email that im switching stuff to so its a email with no ties to wow at all so i get none of that spam. with in a week my new email starting getting those phlising emails. thats why for me ill never touch another blizzard product. at the least they got someone on the inside selling peoples emails to plishers. so ive closed down that email and threw away my SC2 game after i beat it and use a new email for the 2 sites i buy games from and whola havent received any plishing emails for it ever in month i used it.
so long story summed up screw blizzard.
Do you use a sandbox style program to run that kind of stuff in such as Sandboxie? You are cruisin' for a bruisin' if you aren't. And as always make sure to run Firefox with the NoScript add-on. There is a picture below of the location of that add-on.
3 Part Sandboxie Review
http://www.sandboxie.com/
http://www.youtube.com/watch?v=GueXMq-Vyi8
http://www.youtube.com/watch?v=2IbwhE-r8_k
http://www.youtube.com/watch?v=4XBbC81bZx4
NoScript Add-on
https://addons.mozilla.org/en-US/firefox/addon/722/
We have a winner... the most stupid comment award goes to...
I have been noticing a trend lately. Last year is when blizzard was doing there conversion to battle.net for WoW. They sent emails out giving intructions that all accounts are going to battle.net and that they needed the account holder to register the WoW account email with the battle.net site. I have noticed a few of my friends didnt do that and they are the ones that have gotten there accounts hacked.
Not sure if that was just a coincidence or not.
Also, if you care about your account, when you get it back I would consider purchasing the $6.50 Token device at the blizzard store. If you are not familiar with it, its essentially a secondary password device for all your accounts on battle.net. The device has a serial number on it and you register it to your battle.net account.
When you log in to Battle.net, WoW or StarCraft 2 using your normal username/email and password another window will pop up asking you for the Authentication number on your token. You press a button on token and it gives you a 6 digit number to enter into the authentication window. After that you are in. By the way, the number on your token is different everytime you press the number, so your account is hack free.
I wish more P2P mmorpg games would go to this method. I know how frustrating it is to be hacked into and having to jump through hurdles to get your account back as I had my EQ2 account, before they went free to play, hacked
Here is what the token looks like for those who never seen or heard of such a device.
An adversary must guess the user's email password in order to pull this off as a link in the email sent must be clicked to confirm the password change. If a user is using a easily guessable password, poor email provider, or the same password everywhere for an authentication technique that is used industry wide, that is their problem.
Blizzard Authenticator! They are dirt cheap. Random, one time use passwords are the best security there is aside from unplugging.
Forever looking for employment. Life is rather dull without it.