I wanted to share this negative experience with the community. Hopefully someone (apart from the hacker/gold farmer) will benefit from my misfortune somehow.
On 20th of September 2008 I received an email detailing the following:
Type of Violation: Use of Prohibited Third Party software
Consequences for Account: Account Suspension for 3 days (72 hours), Password Reset and warning placed on the account
As it happened I haven't played WoW since March. I know this because I've just been too busy with real life (sadly) and more recently Warhammer Online, and the shortcut on my Windows desktop also confirms that I hadn't played since March, so this was quite a shock to me.
It turns out my account had been hacked. My password strength is considered BEST by the Microsoft password checker, so somehow Blizzard's infrastructure had either been hacked or allows brute force password attacks.
Furthermore, the hacker had managed to get in and sell all my stuff from my character. I know this because I used the character viewer on Blizzard's website to check the status of my character and all the sellable stuff had gone.
As it happens I had already decided to cancel my subscription, so they saved me the bother.
My advice to the community is to change your password often. I have no idea how long it took for someone to hack my password, but I suspect a regular change of password would have avoided this distress.
I am disappointed that Blizzard would not accept responsibility for this - they even accused me of having a Virus infected computer with a key-logging-trojan installed, which of course is hilarious since I haven't even launched the game since March.
Anyway, there are much better games available now, so I doubt I will be visiting Azeroth any time soon.
--
First: DAOC
Current: WAR
Played: PotBS, WoW, DDO, LOTRO, SWG, 9D
Anticipating: Stargate Worlds, Warhammer 40k Online
Comments
You fell for a phishing scam email most likely. I get that very same email every few weeks in my mail box.
Which do you think is more plausible? Someone hacked the servers of Blizzard and stole your account information... or.... you did something that compromised your account information such as clicking a link in an official looking email or going to some contaminated website?
The odds of Blizzard letting someone brute force attack your account and go unnoticed is beyond believable. You should really review your actions of late to see where you compromised yourself. Maybe call Blizzard to see if your account was really hacked or not. Your advice however isn't going to change anyone's risk level to be very honest with you.
Keyloggers, infected websites and phishing scams are all not affected by password changes or password strength.
Since the first email about my account was the one telling me I was banned and since I never follow links from emails anyway, I'm highly confident someone managed to hack my account remotely.
It might be "unbelievable", but how else would you explain it?
--
First: DAOC
Current: WAR
Played: PotBS, WoW, DDO, LOTRO, SWG, 9D
Anticipating: Stargate Worlds, Warhammer 40k Online
How is Blizzard responsible for this? Whether the hacker found out your account information or was able to "guess" your information somehow is irrelevant, either way they must have given the correct user name and password to Blizzard to gain access to your account and anyone who gives them the correct user name and password will be given access. They have no way of knowing whether or not they should be given access. Now if you believe that someone was able to gain access to your account without knowing your user name and password, then that would be Blizzard's problem, but what if any evidence do you have that occurred? A "brute force" method would only work if they knew your user name. There's no possible way they could try every possible user name and password combination. Even just guessing your password is fairly unlikely.
More likely they got your user name and password somehow and the most likely source of that information is some kind of key logger or phishing scam. The fact that you have not launched the game since March is meaningless. It's quite possible they got your username and password prior to that time and are just now getting around to using it to hack your account. You said you have checked your character on Blizzard's website. Did you enter your user name and password there? It asks for it in some situations, like if you are in a guild and want to check the guild contents. Or perhaps you entered the information when you checked your account information? Just because you have not launched the game since March does not necessarily mean you have not entered your account information since then.
I've had the same password for 4 years with no problems, but very few people keep their username and password a complete secret. There are 2 people who know my username and password besides me and although I trust both of them completely and know they would never knowingly give out the information, there's always the possibility that their PC was compromised. Does anyone other than yourself know your username and password?
People are very quick to blame Blizzard, but the chances that a username/password security system can be beat are very small, the chances that the hackers somehow got your username/password are much greater and the only way that would be Blizzard's fault is if they somehow gained access to Blizzard's servers and found a list of valid user names and passwords. Which is more likely, that someone hacked Blizzard's servers and got the information or someone hacked your PC and got the information?
I had the same thing a few years ago when I was stopping. I didn't play for a few months and logged. All the stuff I had was sold (end level PvP set before BC) and all characters empty. They said it was my fault and suspended my account and gave me nothing back.
Me being a silly idiot still bought BC....glad you reminded me of their conduct as I was considering buying WOTLK cause I'm totally bored with WAR now but I won't go back to WoW
Since the first email about my account was the one telling me I was banned and since I never follow links from emails anyway, I'm highly confident someone managed to hack my account remotely.
It might be "unbelievable", but how else would you explain it?
We see a dozen of these threads every month, and they can all be explained away by both sides. The long and the short is that if you got hacked, then you did something to get yourself hacked, since people can't just hack into the WoW database and harvest passwords.
Either you bought powerleveling, or you sold your account, or you logged in from a computer infected with a keylogger (and there's any of a hundred ways to get infected), or maybe someone you thought was a friend stole your account after you logged in from his computer. You can reply and deny some or all of these, and nobody will ever be able to prove you right or wrong.
Read the post above yours please.
I can honestly say that I played WoW for 4 years and had the same password the entire time and I was never hacked. I am a firm believer that the addons or other things you did were the culprit to the attacker gaining access to your accounts.. both you and the OP. Yeah, I know neither of you will admit it was your fault, it is easier to blame Blizzard instead of taking responsibility yourselves. However, from my experience and those of several friends who played for years and never got hacked it is firmly believed the problem would be on both you and the OP's end.
Honestly, I'm open to the position that it could have been my fault, but I really don't see how. If someone can suggest a plausible explanation, then let's hear it.
Unless you're saying that they got my password while I was still active, I suppose that could have been possible, but to wait several months before accessing my account seems unlikely. And as far as I'm aware my computer has never had a Virus (according to AVG anyway).
Since I have never even started the WoW client since March and haven't accessed my Blizzard account for even longer than that, we can eliminate:
- key loggers/virus
- add ons
- email phishing
--
First: DAOC
Current: WAR
Played: PotBS, WoW, DDO, LOTRO, SWG, 9D
Anticipating: Stargate Worlds, Warhammer 40k Online
Since the first email about my account was the one telling me I was banned and since I never follow links from emails anyway, I'm highly confident someone managed to hack my account remotely.
It might be "unbelievable", but how else would you explain it?
We see a dozen of these threads every month, and they can all be explained away by both sides. The long and the short is that if you got hacked, then you did something to get yourself hacked, since people can't just hack into the WoW database and harvest passwords.
Either you bought powerleveling, or you sold your account, or you logged in from a computer infected with a keylogger (and there's any of a hundred ways to get infected), or maybe someone you thought was a friend stole your account after you logged in from his computer. You can reply and deny some or all of these, and nobody will ever be able to prove you right or wrong.
Yes, I'm denying all of them. I have a severe moral objection to plevelling, gold farming, etc and I can assure you no one knows the password I used.
But like I said, I'm willing to try and work out how it was my fault. So the list of eliminated possibilities is:
- key loggers/virus
- add ons
- email phishing
- powerlevelling/farming
- account selling
- logging in from another computer
- a friend using/stealing the account
--
First: DAOC
Current: WAR
Played: PotBS, WoW, DDO, LOTRO, SWG, 9D
Anticipating: Stargate Worlds, Warhammer 40k Online
Keylogged, plain and simple.
Just because you haven't launched the game for months, doesn't mean you haven't viewed sites with questionable links or content during that time, a few clicks and you are infected. Which is how ninety percent of all accounts end up keylogged and tampered with.
A 72 hour suspension is not a ban either. A ban means your account has been terminated and closed, a suspension is just removal of server access for a set period of time determined by the offense in question.
You can file a ticket to have your items restored.
As for Blizzard not accepting responsibility, well it's not any fault of theirs whatsoever, so why would they? Your computer security is your responsibility and nobody else's.
You were keylogged, period, there is no way to remotely hack a WoW Account, you clicked a link and infected your computer with a keylogger, then the keylogger owner took your account and used a bot on it to farm on it (selling your stuff when through with whatever else they used the account for). That is a fact.
It's not an eliminated possibility, it is what happened, you are just not willing to accept that the fault is your own and not someone else's.
To be fair Brindy, this is not the place to bring these sort of posts as it is one person's word against another with no solid proof either way and to be honest it is hardly likely that someone broke into the Blizzard systems and only stole your account details now isn't it?
We only have your word to say that;
- You have not logged into the account in the last 6 months
- You have never used third party software
- You have not let the account be used by someone else
- Your system is secure
.....and so on.
I am not saying that you are not telling the truth, but when you take into account these types of posts appearing on here from time to time and especially one advocating other games, it just opens up the forum to flaming and bad feeling.
It must be Thursday, I never could get the hang of Thursdays.
A couple years back all it took was my Internet Explorer not being updated for my account being hacked from the Allakhazam site, was some kind of virus on there
This is why I use a different computer to search the web nowadays and my gaming comp just for games
Firefox and NoScript = WIN
Yeah, I know that now but not back then =p
But anyways I lost the account, took a break for a few months and came back to the game with a fresh start.
Shit happens, really have to make sure your comp is safe at all times
Read the post above yours please.
I can honestly say that I played WoW for 4 years and had the same password the entire time and I was never hacked. I am a firm believer that the addons or other things you did were the culprit to the attacker gaining access to your accounts.. both you and the OP. Yeah, I know neither of you will admit it was your fault, it is easier to blame Blizzard instead of taking responsibility yourselves. However, from my experience and those of several friends who played for years and never got hacked it is firmly believed the problem would be on both you and the OP's end.
Honestly, I'm open to the position that it could have been my fault, but I really don't see how. If someone can suggest a plausible explanation, then let's hear it.
Unless you're saying that they got my password while I was still active, I suppose that could have been possible, but to wait several months before accessing my account seems unlikely. And as far as I'm aware my computer has never had a Virus (according to AVG anyway).
Since I have never even started the WoW client since March and haven't accessed my Blizzard account for even longer than that, we can eliminate:
- key loggers/virus
- add ons
- email phishing
We have observed that when hit by a keylogger it will typically take at least 60-90 days, or longer, for your info to filter through the hackers and be rebundled and sold to the gold farmers who strip the account. So changing your password monthly is an effective means of extra protection. If you were keylogged it didn't occur this week or this month. It occurred months ago. Sometimes it will take even longer, as some intermediary in the process will validate each account and separate out the "inactive" ones as they are more desirable by the gold farmers/sellers.
Also if you are not using an authenticator token, then your WoW login is the same as your login for the Blizzard forums. It is even easier for a keylogger to grab it from there. Or even worse if you told IE to remember that password and login.
As I read this main post about Brindy I feel like the situation is very misleading. I believe it is your fault Brindy for being negligent for using 3rd party addons to gain advantage prior to March. You probably didn't care since you stopped playing after months of inactivity. You were never keylogged if you were caught with a 3rd party program. I know this because I was hacked and my account was suspended because the keylogger used my account to spam shit and sell items that were stolen by people.
My account was later under investigation and then was processed back to me with a special username and pw for me to use again. However, I just don't see how it was a negative experience when you didn't play from March to September and all of a sudden see the suspension for 3 days!!! 3 days!! Not permabanned! Therefore, I think you were really careless about your account and simply cancelled because you were too lazy to ask Blizzard to recover your items. Just shows that people need to be patient and just work it out.
In addition to this, getting hacked is no fun experience and I learned it from my own accounts. I do agree that setting a good password will make it hard on a hacker but it doesn't matter when a keylogger sees your every letter that you type. Get Firefox, get those adware protector software, and don't go to websites that have little or no protection. Lastly, avoid clicking pop-ups and links that have exe unless major website.
Oh I forgot, MORE COFFEE PLZ! WORK SUCKS!
MMO Reporter
I'd like to respond to this. It wasn't Brindy that was using the 3rd party addon, it was whomever hijacked the account that did that. There seems to be a little misunderstanding of why someone would want your account in the first place. Sure they want to take all your stuff, but that's only the last step in the process. More useful to a hacker is an account that is currently not being used by the owner, but is still active with Blizzard. You see this account can be used for anything they wish. They can use 3rd party addons to farm items and sell them for gold which are then passed on to another account without any fear of losing access to the account since it is after all not even their account in the first place. I've actually seen this happen a number of times where an account that was not being used by the person but was still active was hacked and then banned for 3rd party addons or for gold selling, spamming or whatever other things someone would do if they couldn't care less if the account is banned.
Since the first email about my account was the one telling me I was banned and since I never follow links from emails anyway, I'm highly confident someone managed to hack my account remotely.
It might be "unbelievable", but how else would you explain it?
I really don't have enough information about your habits to figure out exactly how you were compromised. Only you can do that on your own, because honestly most people that make these type of claims often omit very crucial information, because they think they are safe or their habits do not put them at risk. Often citing things like virus scanners or in your case the strength of your password as graded by Microsoft.
What I can tell you is that the odds of Blizzard being hacked, your account specifically and no one else is rather impossible. If someone hacked the database, they would grab as many as possible and there would be a massive outpouring of hacking stories.
In the end, just because you cannot find the reason you were hacked it is not proof that it must have been Blizzard's fault. In every single case like this it has been my experience that the player claiming foul has indeed done something. Be it sharing passwords with friends, clicking links, entering beta contests or whatever. The stories also make no sense. You have not played since March or logged in, but your account was still active and you were going to cancel anyway? You didn't log in to check the status of your character, but used the website instead? Sorry it doesn't add up. Not that you are a liar, but there are surely elements missing that would fill in the holes.
You can either stick your fingers in your ears and blame Blizzard, because you personally have no idea what happened or you can start checking your computer for keyloggers. I suggest uploading a logfile to hijackthis.de using the HijackThis tool. It is a decent start to see what is loading on your computer.
I'm sorry if any of this offends you as it is not my intent, but I've given up on people whose first reaction is to blame someone else for things they did.
It is HIGHLY doubtful that Bliz was hacked. Most likely you were hacked, or your password was easily guessable. Just because Microsoft says your password is very good does not mean it actually is. Every good password is a combination of upper/lower alphanumerical chars with special symbols like _ or - AND your password does NOT exist in a dictionary. So, Bryan_1234 is not a good pass. gdF5_31Df is a good pass.
On second thought, the email from Blizzard could be the phishing email. You think "oh I got banned, I gotta log on and reset my pass or something" and you follow the link that LOOKS like a link to bliz website. You login and boom, in 5 mins all your stuff is GONE.
I am the type of player where I like to do everything and anything from time to time.
http://en.wikipedia.org/wiki/Holodomor - pre-WW2 genocide.
Look no further than the "friends" you may have entrusted with your password. Most if not all hacked accounts are due to the user's failure to keep the information confidential.
One thing that has always bothered me (and kept me from using them) is that the WoW forum login doesn't seem to be secure. I mean, if I go to my account login, in any way shape or form, it shows up as secure, has the little lock and such. Now, when I go to the forums, it NEVER shows up as secure. That being said, if you use the forums, aren't you just asking to be hacked??
IronZ
http://www.TheIronZ.com
My inactive account since December 2007 was hacked and activated in August 2008, almost everything was sold off and my L70 Druid was camped in Shadow Labs being used to farm the chests using the teleport hack. My account was banned by Blizzard for using this hack, I found out about all this on another forum and decided to log on and check my old account. After calling Blizzard and discussing the situation, my account was returned to me. Not only did the hackers know my log in ID and password but they also knew my secret question and answer. They even changed my email address. I questioned Blizzard how my email address could have been changed without a notification email being sent to the original address. They had no answer to that.
Now, my gaming PC and the PC I use for the internet are completely different machines. The machine I use to access accounts is pretty secure, Firefox/No-Script. I also have NOD32 along with a couple spyware programs. I also use SnoopFree to protect against keyloggers. All this being said, I am reasonably sure that my ID/PW/Secret Question & Answer were not retrieved via a keylogger, nor do I follow links in emails. I have never bought gold or used a PL service, I mean I make 300 gold a day minimum without trying as it is. Even the Blizzard employees I talked to agreed that keylogging was an unlikely source of my account being compromised. One interesting development was that when I changed my email address, I began receiving email from gold sellers within 24 hours. Blizzard had no answers how my new email address became known so quickly to gold sellers I have never visited.
I will say that once I got together with the Recovery Specialist, my account and characters were restored on 2 servers. I actually came out ahead since not only did I recover everything on my account as of December 2007 but I received all the items the hackers had farmed. I've made over 10k gold slowly selling these items and mats. I would say that I was extremely impressed with the customer service once I got the process moving. I will add that I find throw a tantrum, I am a professional and treated the people I dealt with professionally.
I am convinced that Blizzard knows there is a problem on their end, the fact that they made weak attempts to point the fault at me that I quickly debunked. I do recommend the Blizzard Authenticator, it gives an added level of security that is probably the way future games will be forced to go since the gold selling business seems to be here to stay. It's at the Blizzard store : www.blizzard.com/store/details.xml
You can disagree with me all you want, but even Blizzard acknowledged that it was unlikely that the compromise happened on my end.
If your account was hacked, you just need to report it and follow the steps. They will take care of you unless they know you were guilty. Act mature, don't take your frustration out on the people you're dealing with since they had nothing to do with what happened to your account, BUT they are the ones that can fix it. Remember that. The people I dealt with went out of their way (working well past their quitting time) to resolve my account issues. Hell, I even resubscribed because of the level of customer service I received.
If someone was able to access the Blizzard account database to steal your information they would not stop at just yours and it would be a pretty widespread problem.
As I said earlier, just because Blizzard can't explain your loss and you have no explanation, doesn't mean it was someone their fault. I am not calling you a liar, but there are countless stories just like yours that always turn up something or another that shines a light on the real problem. Like, Oh but it's just my brother, he would never do that. Or, trying to win the beta contest from the official looking Blizzard email or they clicked a link on the forums that was posted by yet another hacked account. Half of the time it is people who just get caught using 3rd party programs and are upset with getting banned. In the end there are so many ways people get their accounts compromised and don't even know it [of course they don't or they wouldn't do it in the first place]. It is also fairly common for people to try to blame someone else, because they lack any explanation for how the situation happened.
About your email address, if someone got your information the first time through let's just pretend it was a keylogger or trojan, it would be just as easy to get your new email address. Honestly the worst thing you can do is feel bullet proof because you are running spyware programs, anti virus or any program of that nature. I've personally seen/fixed some friends' computers after they got hacked. Norton and McAfee both missed the trojan.
I have to say. My account got hacked also - same situation - the hacker sold all my stuff - took what they could from the guild bank - sold all that stuff etc.
Blizzard of course would not accept any responsibility and it was also at a time when I had taken some time off. Usually when you change your password - you get an email stating that your password changed. I got no such email but, my password was changed.
I am a network engineer, I download from reputable sites only etc. The fact that Blizzard all but blamed me for being hacked was stupid - plus the fact that I hadn't been playing in around a month's time - also stupid. Blizzard needs to take responsibility but, of course they won't.
My experience getting my account back in shape - my uneasiness to play the game again - I don't want to deal with this again - it was totally lame and the process of "investigation" is basically none. They don't investigate - at least that's the feeling I get. They aren't trying to get to the bottom of this - they just blame you and restore your stuff (over time) etc.
I will not be back - Blizzard typically has issues with security - Diablo - totally hacked to pieces for example almost from its launch.
Anywayz - it was fun - and unless my Eve account gets hacked I will play it for a while along with xbox360 and wii and stuff. Until the next big mmo comes out.
This game (WoW) is good. Definitely great for beginners but, when you get hacked - then get blamed when you know better...
***BUT, I have to say when I heard about guildies' accounts being hacked - I thought the exact same thing - I thought wow this guy went to a bad porn site or downloaded infected software etc. Just wait... when you become the victim then you will be like "whoah" ...
So why is it that you can believe that someone can hack Blizzard's website and get your information, but you believe that your PC and I guess everyone else here who claims it wasn't them couldn't be? I don't understand what makes you feel you are more impervious to being hacked than Blizzard? And if Blizzard were being hacked, then why would only certain accounts be hacked? Wouldn't it make sense that if they can get your information, they would be able to get anyone's?
Sorry, but your logic is not logical. You in fact even admit that when it's anyone else you have no problem believing they were in fact hacked and not Blizzard, but when it happens to you, then suddenly what didn't make any sense now makes sense. That's called denial. Don't get me wrong, this is a perfectly normal response. We don't like to think that we could have been hacked. It's much easier to believe that someone else, whether that be Blizzard or some other player, was hacked but not ourselves. Surely you must see how ridiculous this sounds. Only someone else can be hacked, not me?
I think the problem stems from the fact that we really don't know how safe we really are or are not. We use these tools, firewalls, anti-virus programs and anti-spyware. We do all the things we are supposed to do like not going to sites we believe are dangerous or clicking on links in e-mails and whatnot and we believe we are perfectly safe. The truth is you aren't. If someone REALLY wants to get into your PC, they probably can. The biggest deterrent to not letting in intruders is just to NOT let them know you are there in the first place. Once they know you are there, if they REALLY want to, they can probably get in. That's your best defense, the fact that you are an anonymous port in the VAST superhighway. Why WOULD someone want to get into YOUR PC. They probably wouldn't.
Blizzard is different. They KNOW people want to get in. They have sophisticated software designed to prevent unauthorized entry. They have a team of people whose whole purpose is to prevent someone from bypassing their security. Do you have that? No you don't, but you want to believe that you are safer than Blizzard.