Originally posted by grandpagamer Another wall of text blaming anyone and everyone except Blizz. And as for it "happening all at once" I guess you are in denial at the influx of these claims of late? Its everyone else thats to blame, couldnt be a security breach from Blizzard. You deserve a raise.
Perhaps there is evidence to support my claim that blizzard has been having massive problems with people getting their accounts hacked for a few years now compared to the sensationalism of your "omg its tons of people" without anything to back up your claims. Show me some supporting information of your influx
Not that we have not heard all these conspiracies before the wow battlenet account merger. For example: 12
The one common theme you can always count on in "my account was hacked" threads is people not understanding how they were hacked and coming to some conclusion that blames anyone but themselves. It is always the fault of some blizzard employee who is selling account information on the black market or a flaw in the database server.
I just love the logic here. Someones account gets hacked, they have no idea how, so obviously it must be blizzards fault. How anyone can disagree with solid logic and reasoning like that I just don't know. /Tinfoilhat on.
My account was recently compromised (not hacked mind you). My own fault, 3am and I clicked an armory link from a very well known wow sight (rhymes with wow zeroes) and didn't think twice about when the very wow looking page came up asking for my login and password, 3 hours later my account was taken over. I'm on a Mac, patch like it's my religion. KNEW how I was compromised and told blizzard as much in my first email as well as sending them all my browser and logs for the previous 2 weeks (nothing to hide because I'm old and boring). This 2 1/2 weeks ago, and since then all kinds of warnings have come out about this. So, the compromise part is my fault, but here are the things that really annoy me...
1. My authenticator showed up 2 days later, I had ordered it 3 WEEKS EARLIER. I would have gladly paid for shipping myself, but when I ordered that wasn't an option. So yes, get an authenticator but don't expect to get it any time soon.
2. When I requested a password reset, I had to answer a security question, one that quite frankly I had to sit and think about for a while (not the answer, just why I chose the question) until I remembered when I first opened my wow account almost 5 years ago was at the same time something happened in my personal life and that's why I picked the question. The answer wasn't trivial or easy to guess and it's the one and only time I've ever used this word for anything, so if I had to type it, how did my password get changed in the first place without knowing this?
3. Members of my guild started petitioning on my behalf in game, even though I didn't really want them to (was taking the opportunity to replay Fallout 3... didn't like it on Xbox but it's awesome on the PC). One of my guildmates, who can be very persistant, kept bugging a GM until he told her a few things about my account that I wouldn't expect a GM in game to be able to find out and certainly not tell to another person (details about when my account was compromised, how much gold I lost, how close my account was to being restored).
4. After spending 5 hours over 3 days on hold (and getting hung up on every time... I basically get home from work 1 1/2 hours before the phone lines close for the day) my wife decided to try calling for me. She works dealing with people on the phone all the time and is quite good at getting people to say and do things on the phone they really shouldn't. She only knew my account name and billing address, she didn't have my account key or know the credit card I use for billing, yet she was able to get them to reset my password again. She says she wasn't even asked my security question and doesn't know the answer anyway.
So, while I FULLY ADMIT I AM AT FAULT FOR MY COMPROMISED ACCOUNT, I have seen first hand that Blizzard, when it comes to the human element at least, has some security issues of their own.
The reason it seems more wide spread now more than ever is probably due to the amount of people playing. Add to that the Bnet change over (worst idea ever) and you will see more of this happening.
One thing Bliz could do is include the authenticator with new game boxes as well as allow current members to order one free. I mean yeah, $6 isnt a lot of money, but sending out the fobs to everyone who asks for one wouldnt be cutting too much into their profits (and it would show that they care about their players even more).
But again as others have said in this thread; Make sure you are not using the same username/password combo for other things such as game related sites, etc. Make a strong password (there are sites out there that will help you gauge how strong a password is, or what will make it stronger) or at least change your password every few weeks - that should keep some hackers busy for a while.
And the point of some hackers holding onto info for weeks/months before using it is a true statement. Sometimes they will just keep checking to see if the info is valid without actually using it untill they need it (or sell it).
But yeah, in all my years of MMO playing (96 to present) I had never seen a single person get hacked (aside from something like an angry friend/boyfriend/girlfriend incident or 2 in EQ) untill the age of WoW. And even then it wasnt untill the last year and a half or so. But then again there has never been more MMO players in the genre at one single time then there is now. And with more players comes a larger presence of RMT. Its up to the players themselves to keep their accounts safe, though a little help from the companies (authenticators for account holders at no cost) would go a long way in fighting the problem.
There are 3 types of people in the world. 1.) Those who make things happen 2.) Those who watch things happen 3.) And those who wonder "What the %#*& just happened?!"
Nods. Got jacked when BattleNet merge happened, at the time my account was inactive. Then again earlier this month that resulted in a ban. Now again this week account is jacked, password changed and suspended. Its real easy to check if the emails are real or not... LOG INTO THE GAME. When the game says you are suspended, password error, banned... its real. Blizz is making it real easy to keep playing EQ2. But for the key log crowd... how does one log a password to an account that is inactive? Wouldn't someone have to oh I don't know, type it in? =P
They could of logged your info months and months ago when you did type it in, just cus you get hacked on Friday does not mean you got key logged you on the Thursday.
A few months I can understand, but what about those accounts that were closed for YEARS? You seriously think they are going to keep the information for an inactive account for over 3 years? I find that pretty unlikely.
Nods. Got jacked when BattleNet merge happened, at the time my account was inactive. Then again earlier this month that resulted in a ban. Now again this week account is jacked, password changed and suspended. Its real easy to check if the emails are real or not... LOG INTO THE GAME. When the game says you are suspended, password error, banned... its real. Blizz is making it real easy to keep playing EQ2. But for the key log crowd... how does one log a password to an account that is inactive? Wouldn't someone have to oh I don't know, type it in? =P
They could of logged your info months and months ago when you did type it in, just cus you get hacked on Friday does not mean you got key logged you on the Thursday.
A few months I can understand, but what about those accounts that were closed for YEARS? You seriously think they are going to keep the information for an inactive account for over 3 years? I find that pretty unlikely.
All of those claims start out with "so I got this email about my wow accounts being banned" which is the same way almost every phishing email claims.
People who frequent websites usually give an email address.
Some people use the same password for much of their online activities.
Some people did this at gold selling websites not knowing that in the future those two pieces of information would be linked to their account.
Then some people just click official looking emails from blizzard that show up in their email, years after they quit.
There are just so many ways for people to make mistakes that it is far easier for hackers to exploit the ignorance of players than it could ever be to hack an account database at a corporation. Not to mention that exposes the gold seller to criminal charges, which hacking a personal account isn't going to get prosecuted.
Same here. Acc was hacked some days ago. It was inactive. I changed to batllenet this summer.
Btw, the hacker reactivated my acc with a 7-days-trial and flamed in the ingame chat so now my account is banned.
How stupid is that?
I'm lucky i never realy got into WoW... just a few lvl 1-5 chars but I'm not sure how good the security of battlenet is now and maybe I'll never use that account again for further games. Well.. yes.. i changed my pw already.
Bilzzard - fail. in this case. no virus/keylogger/trojans since i bought my new pc.
Nods. Got jacked when BattleNet merge happened, at the time my account was inactive. Then again earlier this month that resulted in a ban. Now again this week account is jacked, password changed and suspended. Its real easy to check if the emails are real or not... LOG INTO THE GAME. When the game says you are suspended, password error, banned... its real. Blizz is making it real easy to keep playing EQ2. But for the key log crowd... how does one log a password to an account that is inactive? Wouldn't someone have to oh I don't know, type it in? =P
They could of logged your info months and months ago when you did type it in, just cus you get hacked on Friday does not mean you got key logged you on the Thursday.
A few months I can understand, but what about those accounts that were closed for YEARS? You seriously think they are going to keep the information for an inactive account for over 3 years? I find that pretty unlikely.
All of those claims start out with "so I got this email about my wow accounts being banned" which is the same way almost every phishing email claims.
That isnt true, not all of these claims are starting out with that, only a few have actually mentioned getting those emails. If you read mine and several others like mine, we've repeatedly told people we didn't get any emails from blizzard that we clicked links on, I didn't get any emails from blizzard at all for the 3 years my account was inactive, not a single one. In 2006, the last email I got from them was my confirmation for cancellation of my account. The only email I got from blizzard in 2009 was when I reactivated my account in december and they sent my confirmation for that, just a message telling me thank you for reactivating your account. I changed my password the day I reactivated it, so even if they did hold on to my 3 year old account information, it changed after the activation. The email i used for the battle.net account was a special one JUST for the account, and never used before, and has a different password than the account itself and a non related name. I played it the first day of reactivation no problems.
I keep telling people I never got an email about my wow account being banned as well. I got my notice of being banned when I went to log into game the next day and it denied me access, giving me a message on the login screen itself(are people going to tell me THIS was fake and downloaded a keylogger too?) saying my account was compromised and I was banned to allow me to regain access. I called blizzard support from there to handle it and the rep on the other side confirmed the hack took place the night I had reactivated it, after I had logged out.
I can guarantee that in the 3 years my account was inactive, I did not go to any wow sites, not even the official one, I did not get emails about wow or from blizzard, I've had 3 different computers since then as well, and run daily virus scans which is a moot point since again, i've had 3 different computers since I canceled my account, so I really doubt there is something harmful that i've been holding onto since 2006 lurking around waiting for me to access it unless it can jump computers...
My account just recently got hacked after it being inactive for almost a year. I haven't even had the game installed on my PC since July of 2009. The only reason I even found out about it being hacked is because it was banned for 72 hours because of illegal activity. Also, the idiot that hacked it used a stolen credit card to activate it. I have never been hacked or let ANYONE have access to my account. Seems like the gmail theory someone had a few pages back might have some weight.
Originally posted by grandpagamer Another wall of text blaming anyone and everyone except Blizz. And as for it "happening all at once" I guess you are in denial at the influx of these claims of late? Its everyone else thats to blame, couldnt be a security breach from Blizzard. You deserve a raise.
Perhaps there is evidence to support my claim that blizzard has been having massive problems with people getting their accounts hacked for a few years now compared to the sensationalism of your "omg its tons of people" without anything to back up your claims. Show me some supporting information of your influx
How about this from an article titled "Blizzard Considering Mandatory Authenticators":
"The primary reason for this is that compromised accounts are at what sounds like an all-time high, with Blizzard's staff worked to the point that restoration queues have reached unacceptable levels."
Now maybe Curse is wrong, but Blizzard did state that the queues are unacceptable and that the current waiting time is around 8 days for an account recovery. When I was hacked back in April, I had all my stuff recovered in like 4 days. Just look at the number of posts in the last couple weeks on this site and compare that to back before they started the process of converting the accounts to Battle.net accounts. I think you'll see there's a big disparity.
2. When I requested a password reset, I had to answer a security question, one that quite frankly I had to sit and think about for a while (not the answer, just why I chose the question) until I remembered when I first opened my wow account almost 5 years ago was at the same time something happened in my personal life and that's why I picked the question. The answer wasn't trivial or easy to guess and it's the one and only time I've ever used this word for anything, so if I had to type it, how did my password get changed in the first place without knowing this?
This is a very good question. I'm assuming that you have asked Blizzard this question? I don't believe that you have to answer that question to change your password, only if you want it reset. Maybe it should be mandatory to answer that question for you to change your password as well. When my account was hacked, they changed the password on my account so that I couldn't log in while they were on the account.
Originally posted by grandpagamer Another wall of text blaming anyone and everyone except Blizz. And as for it "happening all at once" I guess you are in denial at the influx of these claims of late? Its everyone else thats to blame, couldnt be a security breach from Blizzard. You deserve a raise.
Perhaps there is evidence to support my claim that blizzard has been having massive problems with people getting their accounts hacked for a few years now compared to the sensationalism of your "omg its tons of people" without anything to back up your claims. Show me some supporting information of your influx
How about this from an article titled "Blizzard Considering Mandatory Authenticators":
"The primary reason for this is that compromised accounts are at what sounds like an all-time high, with Blizzard's staff worked to the point that restoration queues have reached unacceptable levels."
Now maybe Curse is wrong, but Blizzard did state that the queues are unacceptable and that the current waiting time is around 8 days for an account recovery. When I was hacked back in April, I had all my stuff recovered in like 4 days. Just look at the number of posts in the last couple weeks on this site and compare that to back before they started the process of converting the accounts to Battle.net accounts. I think you'll see there's a big disparity.
I used to get about 3-5 fake blizzard emails a day.
Now I get that many in 1 day and they are getting better and better at looking official or saying things that make people panic or trust them.
It is the same with identity theft and credit card fraud. The more money there is to be made, the more people will engage in it.
There are just so many ways for people to make mistakes that it is far easier for hackers to exploit the ignorance of players than it could ever be to hack an account database at a corporation.
They wouldn't necessarily have to hack an account database. Gold selling etc is big business. They stand to make a lot of money. All it would take is a little cash and someone who's willing to divulge some information. They wouldn't have to give away their entire database of information, all they would have to do is leak a small bit of information (assuming the person had access to the information or could get it).
Sure there are dozens if not hundreds of ways that they can get the information from the users themselves and yes I agree that most likely that is how they obtained the information, but to assume that every corporation's database is beyond reproach is taking it too far. It could happen. I don't have evidence that it has, I'm only saying that it's possible.
Originally posted by grandpagamer Another wall of text blaming anyone and everyone except Blizz. And as for it "happening all at once" I guess you are in denial at the influx of these claims of late? Its everyone else thats to blame, couldnt be a security breach from Blizzard. You deserve a raise.
Perhaps there is evidence to support my claim that blizzard has been having massive problems with people getting their accounts hacked for a few years now compared to the sensationalism of your "omg its tons of people" without anything to back up your claims. Show me some supporting information of your influx
How about this from an article titled "Blizzard Considering Mandatory Authenticators":
"The primary reason for this is that compromised accounts are at what sounds like an all-time high, with Blizzard's staff worked to the point that restoration queues have reached unacceptable levels."
Now maybe Curse is wrong, but Blizzard did state that the queues are unacceptable and that the current waiting time is around 8 days for an account recovery. When I was hacked back in April, I had all my stuff recovered in like 4 days. Just look at the number of posts in the last couple weeks on this site and compare that to back before they started the process of converting the accounts to Battle.net accounts. I think you'll see there's a big disparity.
I used to get about 3-5 fake blizzard emails a day.
Now I get that many in 1 day and they are getting better and better at looking official or saying things that make people panic or trust them.
It is the same with identity theft and credit card fraud. The more money there is to be made, the more people will engage in it.
So you're agreeing that there IS an upswing in the number of compromised accounts or at least there appears to be an upswing?
I'm convinced there is and so I just added an authenticator to my account. The 7 dollars was never an issue with me, I just hadn't felt I needed one really up till I got hacked. I would have added one then, but they were sold out. With my buddie's account being hacked last week, I decided to go shopping again.
And what's more interesting to me is that in my buddies case, it appears that his yahoo e-mail address and password were compromised first, not his WoW account. Once they got into his yahoo mail, it was a simple matter of asking Blizzard for a password reset and bingo they had his WoW account information.
Originally posted by grandpagamer Another wall of text blaming anyone and everyone except Blizz. And as for it "happening all at once" I guess you are in denial at the influx of these claims of late? Its everyone else thats to blame, couldnt be a security breach from Blizzard. You deserve a raise.
Perhaps there is evidence to support my claim that blizzard has been having massive problems with people getting their accounts hacked for a few years now compared to the sensationalism of your "omg its tons of people" without anything to back up your claims. Show me some supporting information of your influx
How about this from an article titled "Blizzard Considering Mandatory Authenticators":
"The primary reason for this is that compromised accounts are at what sounds like an all-time high, with Blizzard's staff worked to the point that restoration queues have reached unacceptable levels."
Now maybe Curse is wrong, but Blizzard did state that the queues are unacceptable and that the current waiting time is around 8 days for an account recovery. When I was hacked back in April, I had all my stuff recovered in like 4 days. Just look at the number of posts in the last couple weeks on this site and compare that to back before they started the process of converting the accounts to Battle.net accounts. I think you'll see there's a big disparity.
I used to get about 3-5 fake blizzard emails a day.
Now I get that many in 1 day and they are getting better and better at looking official or saying things that make people panic or trust them.
It is the same with identity theft and credit card fraud. The more money there is to be made, the more people will engage in it.
So there are more reported cases recently? Im starting to get the picture. If you say its so then it is. If someone unaffiliated with Blizzard says so then its a lie.
Nods. Got jacked when BattleNet merge happened, at the time my account was inactive. Then again earlier this month that resulted in a ban. Now again this week account is jacked, password changed and suspended. Its real easy to check if the emails are real or not... LOG INTO THE GAME. When the game says you are suspended, password error, banned... its real. Blizz is making it real easy to keep playing EQ2. But for the key log crowd... how does one log a password to an account that is inactive? Wouldn't someone have to oh I don't know, type it in? =P
They could of logged your info months and months ago when you did type it in, just cus you get hacked on Friday does not mean you got key logged you on the Thursday.
A few months I can understand, but what about those accounts that were closed for YEARS? You seriously think they are going to keep the information for an inactive account for over 3 years? I find that pretty unlikely.
All of those claims start out with "so I got this email about my wow accounts being banned" which is the same way almost every phishing email claims.
That isnt true, not all of these claims are starting out with that, only a few have actually mentioned getting those emails. If you read mine and several others like mine, we've repeatedly told people we didn't get any emails from blizzard that we clicked links on, I didn't get any emails from blizzard at all for the 3 years my account was inactive, not a single one. In 2006, the last email I got from them was my confirmation for cancellation of my account. The only email I got from blizzard in 2009 was when I reactivated my account in december and they sent my confirmation for that, just a message telling me thank you for reactivating your account. I changed my password the day I reactivated it, so even if they did hold on to my 3 year old account information, it changed after the activation. The email i used for the battle.net account was a special one JUST for the account, and never used before, and has a different password than the account itself and a non related name. I played it the first day of reactivation no problems.
I keep telling people I never got an email about my wow account being banned as well. I got my notice of being banned when I went to log into game the next day and it denied me access, giving me a message on the login screen itself(are people going to tell me THIS was fake and downloaded a keylogger too?) saying my account was compromised and I was banned to allow me to regain access. I called blizzard support from there to handle it and the rep on the other side confirmed the hack took place the night I had reactivated it, after I had logged out.
I can guarantee that in the 3 years my account was inactive, I did not go to any wow sites, not even the official one, I did not get emails about wow or from blizzard, I've had 3 different computers since then as well, and run daily virus scans which is a moot point since again, i've had 3 different computers since I canceled my account, so I really doubt there is something harmful that i've been holding onto since 2006 lurking around waiting for me to access it unless it can jump computers...
You are right, I should have said "almost every case" as I try not to speak in absolutes. My apologies for putting it that way.
Still the majority of these stories do start out that way. Otherwise how do these people who do not play wow find out they got hacked or banned? An email. How did you find out? Real of fake it is hard to know since the level of computer literacy varies from user to user. If you didn't get an email, perhaps someone hacked your email account as the source of this problem and deleted the message? It wouldn't be the first time that happened.
What I have come to understand over the years from helping people who get hacked and reading the endless amount of posts from people who have their accounts hacked the vast overwhelming amount of cases involve the end user doing something to cause or invite this situation. I am not saying that to offend you, but it is something that can be seen over and over again.
I mean the unspoken premise here is that there is a massive increase in hacked accounts and the lack of any evidence the end user was at fault means that blizzard must somehow have a security flaw. Looking at the steady increase of accounts getting hacked and the increase in response time, it must be an ongoing problem for years now, because there is an endless parade of people claiming they didn't do anything wrong.
So instead of fixing this flaw in their account database, blizzard is considering all manners of strange resolutions right up to the extreme of making authenticators mandatory to play the game. Does that sound plausable just because a handful of people don't know how their accounts were compromised? The lack of understanding of what happened is being turned into proof that someone else is at fault.
Now if the problem was with blizzard getting hacked, where do you think blizzard would be spending their efforts to fix this problem? If hacking blizzards database was causing a massive increase in hacked accounts, there would be no need for the massive influx of new phishing scams and that is just for starters.
On the flip side there has always been a problem with hacked accounts in mmos and it has been steadily getting worse. There was a lot of media and communication about the new battlenet login system which hackers can exploit the social aspect of. It opened up a new avenue for them to send out official looking emails or whatever else they can dream up, because people were expecting it and let their guards down.
Phishing however isn't the only way to hack an account. A good hacker can be equally successful just by hacking your email account and resetting your wow password. Honestly it is stupid easy to get control of some email accounts just by looking at the insanely easy to guess password hint questions they use.
If someone gets ahold of your email account and you do not know it, then they can easily reset the password on your wow account and delete the blizzard email from your inbox without you ever knowing what happened.
If a hacker somehow gets ahold of a list of email addresses and login passwords from any website, forum or email list, then odds are they can just try to log into all wow with all of them and a few will work. People are notorious for reusing passwords and the same email account for everything they do on the internet.
There are so many ways to get compromised that it is hard to even suggest all of them. Poisoned websites, dns records, flash, java, zero day exploits, etc. The list is really long.
Originally posted by grandpagamer So there are more reported cases recently? Im starting to get the picture. If you say its so then it is. If someone unaffiliated with Blizzard says so then its a lie.
No, people are allowed to make up any unsupported claims they want to and ignore any information that shows the flaws in their claims. You are right, hacking is a brand new problem since battlenet. We know, because you said so right? Who needs information to support claims anymore. Discussing a topic is so last decade. Strawman attacks are all the new rage for proving ones point.
You aren't even trying anymore grandpa. What gives?
Originally posted by Pappy13 So you're agreeing that there IS an upswing in the number of compromised accounts or at least there appears to be an upswing? I'm convinced there is and so I just added an authenticator to my account. The 7 dollars was never an issue with me, I just hadn't felt I needed one really up till I got hacked. I would have added one then, but they were sold out. With my buddie's account being hacked last week, I decided to go shopping again. And what's more interesting to me is that in my buddies case, it appears that his yahoo e-mail address and password were compromised first, not his WoW account. Once they got into his yahoo mail, it was a simple matter of asking Blizzard for a password reset and bingo they had his WoW account information.
I agree that there is an upward swing, but it has been growing for years.
As for your buddies email account, yes that is a popular way for hackers to gain access to wow accounts and do so in such a way that the user would most likely never know what happened. People can change their wow information all they want, but if a hacker has access to your email, they can reset your password whenever they want and delete any confirmation emails so you would never know.
Originally posted by grandpagamer So there are more reported cases recently? Im starting to get the picture. If you say its so then it is. If someone unaffiliated with Blizzard says so then its a lie.
No, people are allowed to make up any unsupported claims they want to and ignore any information that shows the flaws in their claims. You are right, hacking is a brand new problem since battlenet. We know, because you said so right? Who needs information to support claims anymore. Discussing a topic is so last decade. Strawman attacks are all the new rage for proving ones point.
You aren't even trying anymore grandpa. What gives?
No not at all. Unsupported claims made by Blizzard cheerleaders are to be taken as fact until proven otherwise, which is not doable unless Blizzard announces such proof. This will never happen as Blizzard has shown it only releases information that portrays them in a favorable light such as sub numbers or better yet, the lack of sub numbers.
I mean the unspoken premise here is that there is a massive increase in hacked accounts and the lack of any evidence the end user was at fault means that blizzard must somehow have a security flaw. No, I think you're making that leap that is has to be a security flaw with Blizzard. All some of us are suggesting is that something has changed, we don't know what. There's likely a reason for the recent upsurge and you can't simply dismiss it as being the users because you can't with any certainty make that claim any more than we can claim it's Blizzard. You must however allow that it MIGHT not be the user's themselves. It's POSSIBLE that they have found a new way to compromise user's information that has nothing to do with the users themselves and we just haven't found out what is yet. Looking at the steady increase of accounts getting hacked and the increase in response time, it must be an ongoing problem for years now, because there is an endless parade of people claiming they didn't do anything wrong. True, but that doesn't mean that every case of compromised information is due to user error. So instead of fixing this flaw in their account database, blizzard is considering all manners of strange resolutions right up to the extreme of making authenticators mandatory to play the game. Does that sound plausable just because a handful of people don't know how their accounts were compromised? The lack of understanding of what happened is being turned into proof that someone else is at fault. You lost me there. I think the fact that Blizzard is considering this is an indication that perhaps even Blizzard is mistified what may be the root cause. It might simply be easier/cheaper/faster to simply require everyone to get an authenticator then to try to continue to try to fight an uphill battle. Now if the problem was with blizzard getting hacked, where do you think blizzard would be spending their efforts to fix this problem? If hacking blizzards database was causing a massive increase in hacked accounts, there would be no need for the massive influx of new phishing scams and that is just for starters. Why would Blizzard's database have to be hacked? That's NOT the only way to compromise the information. It could be leaked by someone with access to the information or it could be that it's not Blizzard's database at all that has been compromised but simply a database of user-id's and passwords that are somehow related to the information. E-mail user-id's and passwords for instance. Either way, how would Blizzard know unless they found out who or what it was? What this suggests is that Blizzard DOESN'T know the root cause, not that they KNOW their database info was NOT compromised. There is no way for them to KNOW that for sure. On the flip side there has always been a problem with hacked accounts in mmos and it has been steadily getting worse. There was a lot of media and communication about the new battlenet login system which hackers can exploit the social aspect of. It opened up a new avenue for them to send out official looking emails or whatever else they can dream up, because people were expecting it and let their guards down. Phishing however isn't the only way to hack an account. A good hacker can be equally successful just by hacking your email account and resetting your wow password. Honestly it is stupid easy to get control of some email accounts just by looking at the insanely easy to guess password hint questions they use. If someone gets ahold of your email account and you do not know it, then they can easily reset the password on your wow account and delete the blizzard email from your inbox without you ever knowing what happened. If a hacker somehow gets ahold of a list of email addresses and login passwords from any website, forum or email list, then odds are they can just try to log into all wow with all of them and a few will work. People are notorious for reusing passwords and the same email account for everything they do on the internet. There are so many ways to get compromised that it is hard to even suggest all of them. Poisoned websites, dns records, flash, java, zero day exploits, etc. The list is really long. Add to that list the fact that the Blizzard's account information COULD be compromised and I agree with you. You don't seem to be willing to accept that fact. Let me give you a scenario and you tell me whether you think it's possible. Let's say I work for a large corporation. I have access to information which would be considered private by that corporation. Let's suppose that I were to make a copy of some of that information and sneak it out of the office. Now lets say that I've worked for the corporation for a number of years, but then I'm terminated for some reason. Let's suppose that I'm pretty upset about being terminated and lets say that I decide that the information that I have would be worth some money to someone. Let's say that I figure the corporation owes me something because I worked there a long time and then was treated unfairly. So lets say I offer to divulge that information to someone who's willing to pay me for it. Is that so far fetched to be beyond the realm of possibility? If you think so, you would be wrong because this type of thing has happened before and it's happened at the highest levels of security within this very country. They even made a movie about it called the Falcon and the Snowman. If you haven't seen it, watch it, you'd be surprised how easy it is if you have the guts to do it. http://www.imdb.com/title/tt0087231/ Now if it can happen to the US government, you don't think it could happen to Blizzard?
I mean the unspoken premise here is that there is a massive increase in hacked accounts and the lack of any evidence the end user was at fault means that blizzard must somehow have a security flaw. (1) No, I think you're making that leap that is has to be a security flaw with Blizzard. All some of us are suggesting is that something has changed, we don't know what. There's likely a reason for the recent upsurge and you can't simply dismiss it as being the users because you can't with any certainty make that claim any more than we can claim it's Blizzard. You must however allow that it MIGHT not be the user's themselves. It's POSSIBLE that they have found a new way to compromise user's information that has nothing to do with the users themselves and we just haven't found out what is yet. Looking at the steady increase of accounts getting hacked and the increase in response time, it must be an ongoing problem for years now, because there is an endless parade of people claiming they didn't do anything wrong. (2) True, but that doesn't mean that every case of compromised information is due to user error. So instead of fixing this flaw in their account database, blizzard is considering all manners of strange resolutions right up to the extreme of making authenticators mandatory to play the game. Does that sound plausable just because a handful of people don't know how their accounts were compromised? The lack of understanding of what happened is being turned into proof that someone else is at fault. (3) You lost me there. I think the fact that Blizzard is considering this is an indication that perhaps even Blizzard is mistified what may be the root cause. It might simply be easier/cheaper/faster to simply require everyone to get an authenticator then to try to continue to try to fight an uphill battle. Now if the problem was with blizzard getting hacked, where do you think blizzard would be spending their efforts to fix this problem? If hacking blizzards database was causing a massive increase in hacked accounts, there would be no need for the massive influx of new phishing scams and that is just for starters. (4) Why would Blizzard's database have to be hacked? That's NOT the only way to compromise the information. It could be leaked by someone with access to the information or it could be that it's not Blizzard's database at all that has been compromised but simply a database of user-id's and passwords that are somehow related to the information. E-mail user-id's and passwords for instance. Either way, how would Blizzard know unless they found out who or what it was? What this suggests is that Blizzard DOESN'T know the root cause, not that they KNOW their database info was NOT compromised. There is no way for them to KNOW that for sure. On the flip side there has always been a problem with hacked accounts in mmos and it has been steadily getting worse. There was a lot of media and communication about the new battlenet login system which hackers can exploit the social aspect of. It opened up a new avenue for them to send out official looking emails or whatever else they can dream up, because people were expecting it and let their guards down. Phishing however isn't the only way to hack an account. A good hacker can be equally successful just by hacking your email account and resetting your wow password. Honestly it is stupid easy to get control of some email accounts just by looking at the insanely easy to guess password hint questions they use. If someone gets ahold of your email account and you do not know it, then they can easily reset the password on your wow account and delete the blizzard email from your inbox without you ever knowing what happened. If a hacker somehow gets ahold of a list of email addresses and login passwords from any website, forum or email list, then odds are they can just try to log into all wow with all of them and a few will work. People are notorious for reusing passwords and the same email account for everything they do on the internet. There are so many ways to get compromised that it is hard to even suggest all of them. Poisoned websites, dns records, flash, java, zero day exploits, etc. The list is really long. (5) Add to that list the fact that the Blizzard's account information COULD be compromised and I agree with you. You don't seem to be willing to accept that fact. Let me give you a scenario and you tell me whether you think it's possible. Let's say I work for a large corporation. I have access to information which would be considered private by that corporation. Let's suppose that I were to make a copy of some of that information and sneak it out of the office. Now lets say that I've worked for the corporation for a number of years, but then I'm terminated for some reason. Let's suppose that I'm pretty upset about being terminated and lets say that I decide that the information that I have would be worth some money to someone. Let's say that I figure the corporation owes me something because I worked there a long time and then was treated unfairly. So lets say I offer to divulge that information to someone who's willing to pay me for it. Is that so far fetched to be beyond the realm of possibility? If you think so, you would be wrong because this type of thing has happened before and it's happened at the highest levels of security within this very country. They even made a movie about it called the Falcon and the Snowman. If you haven't seen it, watch it, you'd be surprised how easy it is if you have the guts to do it. http://www.imdb.com/title/tt0087231/ Now if it can happen to the US government, you don't think it could happen to Blizzard?
(1)
I am not making the leap that there is a flaw with the blizzard database. I am actually saying the increase in hacked accounts isn't something to be surprised about and has been a growing problem for years now. The battlenet change just gives hackers another tool to create phishing scams and hacking email accounts easier, because people the battlenet changes received a lot of press and users are expecting emails and such. They let their guard down.
Why I feel certain that it is users and not a flaw in the database? Because that has been the trend in mmo hacking for years and years. I doubt that users suddenly became secure users right at the same time that blizzard screwed up their security, because a few people on some forums can't explain how their accounts got hacked.
Blizzard has been preaching account security to users for years now. The authenticator was in direct response to account hacks. Everything blizzard is doing is aimed at the users. I think they know where the problem is, but no company can make users smart.
(2)
My point was that it would be rather hard for a database flaw to be the reason for an steadily increasing problem of account hacking that has spanned years. Possible in the most remote classroom controlled conditions, perhaps, but not very likely.
(3)
I think blizzard has correctly identified the problem. Users are ignorant and careless with how they conduct themselves on the internet (that isn't meant to be an insult, just reality). A company cannot make a change to their database that will result in their users suddenly becoming educated about account security and safe surfing habits. That is why blizzard felt the need to create a physical device that even the most careless of users would have to be intentionally circumvent to release their account details to a hacker.
(4)
I agree that there are a million scenarios of what could happen, but most are just not plausible given what we know. Yes someone at blizzard could have stolen information, but eventually that trend would show itself. It wouldn't take long to realize that only accounts up to 12 months ago are getting hacked or some seed/tarpit accounts that could only be gotten from hacking the DB are attempting to log on. I'm pretty sure blizzard is smart enough to put some tight controls and observation on access to their account database long before they got to the point of selling physical account security devices.
I also fully agree that there is vulnerability to wow accounts from sources that are outside of blizzards control. People email accounts, website databases, etc. Again nothing blizzard (or any company) could change.
(5)
Yes it is possible that blizzard has or had a compromise in several different scenarios. Anything is possible really, but that does not explain a long term and growing problem of hacked accounts nor make it a plausible conclusion to explain the unknown.
The end result is that people on some forums don't know how or why they were hacked so they feel it must be the fault of someone else. This isn't a new trend and it won't be the last time people blame a company for their security issues. I just can't buy into that without something more to support it. Why not use the lack of information and understanding to blame orbital mind control lasers.
Account hacking has been a large problem for years and I think ignoring that trend isn't being objective. That goes against years and years of people getting hacked via phishing scams, account trading/selling, and every other form of user based attack that has been going on just to reach the conclusion that is must be blizzards fault so that a few people can explain away their problem as someone elses fault.
Believe me when I say I know just how possible it is. It has been a very very very long time, but I fully understand exactly what is possible. Trust me on that.
I am not making the leap that there is a flaw with the blizzard database. That's not what I said. What I said is that you are saying WE are making the leap to that when we are not. You're saying it FOR us. That's NOT what we are saying. You're telling us that the only way for it NOT to be the fault of the player is that it HAS to be a Blizzard Security Problem. No it doesn't. It could be NEITHER a Blizzard security problem NOR the users fault. It could be something else. That's what I'm saying. My point was that it would be rather hard for a database flaw to be the reason for an steadily increasing problem of account hacking that has spanned years. Up to now. but something has changed recently. There's been a recent dramatic increase in the problem. You don't think it's dramatic, but some of us do. I think blizzard has correctly identified the problem. I think you are assuming you know what Blizzard knows. I agree that there are a million scenarios of what could happen, but most are just not plausible given what we know. Agreed. Yes someone at blizzard could have stolen information, but eventually that trend would show itself. Suppose it just happened 3 weeks ago? That would account for the recent surge. Yes it is possible that blizzard has or had a compromise in several different scenarios. Anything is possible really, but that does not explain a long term and growing problem of hacked accounts nor make it a plausible conclusion to explain the unknown. Agreed and yet it MIGHT explain a sudden rash of them if in fact there has been a sudden rash. You have to admit that this whole problem of INACTIVE accounts being hacked is new. At least I hadn't heard that before. Believe me when I say I know just how possible it is. It has been a very very very long time, but I fully understand exactly what is possible. Trust me on that. For some it hasn't been so long ago. Maybe it's easier to accept if it had happened to you recently. When I was hacked in April, my buddy made a lot of jokes at my expense right up till last week when he had his account hacked. You think he's changed his mind just a bit? I think he has. We both work for large corporations. We are both progammers. We both know darn well what IS and IS NOT possible and we are both pretty aware of security issues. We both have Anti-virus. We both don't give out our passwords to just anyone, etc etc. I'm NOT saying we are immune, we both know that we are not, but suddenly he feels a WHOLE lot less secure BECAUSE it just happened to him. He has added an authenticator to his account this week as well. Look, I'm not trying to convince anyone that this IS a Blizzard problem. Actually I'm trying to convince everyone that you are safer with an authenticator on your account regardless of what is causing the problem. I think we can agree on that and I think Blizzard would agree as well.
Originally posted by Daffid011 You are right, I should have said "almost every case" as I try not to speak in absolutes. My apologies for putting it that way. Still the majority of these stories do start out that way. Otherwise how do these people who do not play wow find out they got hacked or banned? An email. How did you find out? Real of fake it is hard to know since the level of computer literacy varies from user to user. If you didn't get an email, perhaps someone hacked your email account as the source of this problem and deleted the message? It wouldn't be the first time that happened. What I have come to understand over the years from helping people who get hacked and reading the endless amount of posts from people who have their accounts hacked the vast overwhelming amount of cases involve the end user doing something to cause or invite this situation. I am not saying that to offend you, but it is something that can be seen over and over again. I mean the unspoken premise here is that there is a massive increase in hacked accounts and the lack of any evidence the end user was at fault means that blizzard must somehow have a security flaw. Looking at the steady increase of accounts getting hacked and the increase in response time, it must be an ongoing problem for years now, because there is an endless parade of people claiming they didn't do anything wrong. So instead of fixing this flaw in their account database, blizzard is considering all manners of strange resolutions right up to the extreme of making authenticators mandatory to play the game. Does that sound plausable just because a handful of people don't know how their accounts were compromised? The lack of understanding of what happened is being turned into proof that someone else is at fault. Now if the problem was with blizzard getting hacked, where do you think blizzard would be spending their efforts to fix this problem? If hacking blizzards database was causing a massive increase in hacked accounts, there would be no need for the massive influx of new phishing scams and that is just for starters.
On the flip side there has always been a problem with hacked accounts in mmos and it has been steadily getting worse. There was a lot of media and communication about the new battlenet login system which hackers can exploit the social aspect of. It opened up a new avenue for them to send out official looking emails or whatever else they can dream up, because people were expecting it and let their guards down. Phishing however isn't the only way to hack an account. A good hacker can be equally successful just by hacking your email account and resetting your wow password. Honestly it is stupid easy to get control of some email accounts just by looking at the insanely easy to guess password hint questions they use. If someone gets ahold of your email account and you do not know it, then they can easily reset the password on your wow account and delete the blizzard email from your inbox without you ever knowing what happened. If a hacker somehow gets ahold of a list of email addresses and login passwords from any website, forum or email list, then odds are they can just try to log into all wow with all of them and a few will work. People are notorious for reusing passwords and the same email account for everything they do on the internet. There are so many ways to get compromised that it is hard to even suggest all of them. Poisoned websites, dns records, flash, java, zero day exploits, etc. The list is really long.
Oh, I am not denying that there are going to be plenty of cases where it IS the users faults. And I know that many if not most will be just that. But what I am trying to say is that the number of cases where it appears it actually ISNT the users fault appears to be rising. While that may be less than the number of cases where the user is to blame, it is still alarming that its happening.
I am not wanting to outright blame Blizzard either, because I have experienced first hand that they are trying to help people as much as possible when they are approached with the problem. As someone else stated, the Blizzard employees I spoke too seemed just as baffled by the situation and increase as many of us are. I don't so much think its blizzard getting hacked, but hackers finding a new way of obtaining information, or as someone said, someone inside giving out such information.
Now I don't think I am invincible and immune to any of these types of attacks, no one really is. But I am not stupid. I've worked with computers for along time, I've done network security. I know the basics of keeping myself safe and how to at least reduce the chances of these type of things happening. I've played MMOs for 12 years and I've never had an account hacked or compromised in anyway because I have always been careful to not give out account information and never made use of any type of third party programs. I am also very much against RMT and powerleveling and any service like that so I've never visited those sites. I run malware and spyware scan daily to check for anything that may pop up. Each MMO account I have has a unique ID and Password. My passwords are rather random as well, combos of numbers and letters with 2-3 capitals. I generally have 1 email I use for my MMO accounts, 1 for my forum accounts, and 1 I use for work and personal use. I made yet another JUST for my battle.net account. Part of this is slight OCD and keeping everything organized and separated, and part of it is being over cautious. But its kept me safe for over 12 years until now. I went through and changed every password on every account and email I had after that happened.. The fact that I took all of those steps and still got hacked bothers me and concerns me and makes me feel my accounts and information within is never really going to be safe.
I am not making the leap that there is a flaw with the blizzard database. That's not what I said. What I said is that you are saying WE are making the leap to that when we are not. You're saying it FOR us. That's NOT what we are saying. You're telling us that the only way for it NOT to be the fault of the player is that it HAS to be a Blizzard Security Problem. No it doesn't. It could be NEITHER a Blizzard security problem NOR the users fault. It could be something else. That's what I'm saying. My point was that it would be rather hard for a database flaw to be the reason for an steadily increasing problem of account hacking that has spanned years. Up to now. but something has changed recently. There's been a recent dramatic increase in the problem. You don't think it's dramatic, but some of us do. I think blizzard has correctly identified the problem. I think you are assuming you know what Blizzard knows. I agree that there are a million scenarios of what could happen, but most are just not plausible given what we know. Agreed. Yes someone at blizzard could have stolen information, but eventually that trend would show itself. Suppose it just happened 3 weeks ago? That would account for the recent surge. Yes it is possible that blizzard has or had a compromise in several different scenarios. Anything is possible really, but that does not explain a long term and growing problem of hacked accounts nor make it a plausible conclusion to explain the unknown. Agreed and yet it MIGHT explain a sudden rash of them if in fact there has been a sudden rash. You have to admit that this whole problem of INACTIVE accounts being hacked is new. At least I hadn't heard that before. Believe me when I say I know just how possible it is. It has been a very very very long time, but I fully understand exactly what is possible. Trust me on that. For some it hasn't been so long ago. Maybe it's easier to accept if it had happened to you recently. When I was hacked in April, my buddy made a lot of jokes at my expense right up till last week when he had his account hacked. You think he's changed his mind just a bit? I think he has. We both work for large corporations. We are both progammers. We both know darn well what IS and IS NOT possible and we are both pretty aware of security issues. We both have Anti-virus. We both don't give out our passwords to just anyone, etc etc. I'm NOT saying we are immune, we both know that we are not, but suddenly he feels a WHOLE lot less secure BECAUSE it just happened to him. He has added an authenticator to his account this week as well. Look, I'm not trying to convince anyone that this IS a Blizzard problem. Actually I'm trying to convince everyone that you are safer with an authenticator on your account regardless of what is causing the problem. I think we can agree on that and I think Blizzard would agree as well.
When you said "No, I think you're making that leap that is has to be a security flaw with Blizzard." I took that to mean you think I was proposing it is a fault with blizzard. I was actually referring to people who make that leap of faith due to lack of understanding of what happened to them. I think we just got our words crossed there.
That being said, why does something have to have changed recently? Just because people are getting hacked in what appears to be larger numbers? Account hacking has been on the rise for a long time, why is now so special? The same arguments being said here were said a year ago and years prior to that.
I just don't buy into the theory that when someone cannot explain their security flaws that it must be the fault of blizzard (or someone else) which is a very common conclusion that people jump to. Usually the same people that think antivirus and complex passwords make them any bit safer.
While it is certainly possible, the odds of those claims being true are very slim and there is no compelling reason to suggest that is the case. Being possible doesn't mean being plausible. People have a long ugly history of doing stupid shit with their account information and I see no reason to suggest why that has changed. I see every reason to think that hackers are getting more efficient with their techniques and sheer volume of attacks that it is far more likely to be the cause of any perceived increase.
As for someone selling blizzard data 3 weeks ago, sure that is possible and it could explain what some think there is a massive increase, but it doesn't explain the steady increase of hacks over the years. The reaction blizzard has been pounding into its users is about account security and authenticators which suggests they have a really good idea where the problem is coming from. The trend is pretty clear and the insider theory only holds water if there is a continued and escalated theft of data which makes the theory very difficult to believe. Again, all based on people not being able to explain what they got hacked, which I just don't find a compelling argument.
im glad i bought my authenticator. 2 of my friends had there accounts hacked one was stupid enough to click on a spam email he was lucky he got his stuff back . but now ive change my email to one i dont use for any web sites and pass word . they only cost a few ££s but for sake of 4years work i dont mind . if my account dose get hacked i know it a blizzard problem . good thing i did buy it. the week my friend lost there account id only been useing that same pc few days befor good job i changed all my stuff 2 months ago .
Comments
Perhaps there is evidence to support my claim that blizzard has been having massive problems with people getting their accounts hacked for a few years now compared to the sensationalism of your "omg its tons of people" without anything to back up your claims. Show me some supporting information of your influx
Not that we have not heard all these conspiracies before the wow battlenet account merger. For example: 1 2
The one common theme you can always count on in "my account was hacked" threads is people not understanding how they were hacked and coming to some conclusion that blames anyone but themselves. It is always the fault of some blizzard employee who is selling account information on the black market or a flaw in the database server.
I just love the logic here. Someones account gets hacked, they have no idea how, so obviously it must be blizzards fault. How anyone can disagree with solid logic and reasoning like that I just don't know. /Tinfoilhat on.
P.S. (#6 You're obviously a paid shill for Company X) on the worst defense list. Congrats.
After World of warcraft and NCSoft Fake, battle-net ?
We're not safe anywhere !!!
Feed the toondb.com Characters Database, generate sigs.
My account was recently compromised (not hacked mind you). My own fault, 3am and I clicked an armory link from a very well known wow sight (rhymes with wow zeroes) and didn't think twice about when the very wow looking page came up asking for my login and password, 3 hours later my account was taken over. I'm on a Mac, patch like it's my religion. KNEW how I was compromised and told blizzard as much in my first email as well as sending them all my browser and logs for the previous 2 weeks (nothing to hide because I'm old and boring). This 2 1/2 weeks ago, and since then all kinds of warnings have come out about this. So, the compromise part is my fault, but here are the things that really annoy me...
1. My authenticator showed up 2 days later, I had ordered it 3 WEEKS EARLIER. I would have gladly paid for shipping myself, but when I ordered that wasn't an option. So yes, get an authenticator but don't expect to get it any time soon.
2. When I requested a password reset, I had to answer a security question, one that quite frankly I had to sit and think about for a while (not the answer, just why I chose the question) until I remembered when I first opened my wow account almost 5 years ago was at the same time something happened in my personal life and that's why I picked the question. The answer wasn't trivial or easy to guess and it's the one and only time I've ever used this word for anything, so if I had to type it, how did my password get changed in the first place without knowing this?
3. Members of my guild started petitioning on my behalf in game, even though I didn't really want them to (was taking the opportunity to replay Fallout 3... didn't like it on Xbox but it's awesome on the PC). One of my guildmates, who can be very persistant, kept bugging a GM until he told her a few things about my account that I wouldn't expect a GM in game to be able to find out and certainly not tell to another person (details about when my account was compromised, how much gold I lost, how close my account was to being restored).
4. After spending 5 hours over 3 days on hold (and getting hung up on every time... I basically get home from work 1 1/2 hours before the phone lines close for the day) my wife decided to try calling for me. She works dealing with people on the phone all the time and is quite good at getting people to say and do things on the phone they really shouldn't. She only knew my account name and billing address, she didn't have my account key or know the credit card I use for billing, yet she was able to get them to reset my password again. She says she wasn't even asked my security question and doesn't know the answer anyway.
So, while I FULLY ADMIT I AM AT FAULT FOR MY COMPROMISED ACCOUNT, I have seen first hand that Blizzard, when it comes to the human element at least, has some security issues of their own.
The reason it seems more wide spread now more than ever is probably due to the amount of people playing. Add to that the Bnet change over (worst idea ever) and you will see more of this happening.
One thing Bliz could do is include the authenticator with new game boxes as well as allow current members to order one free. I mean yeah, $6 isnt a lot of money, but sending out the fobs to everyone who asks for one wouldnt be cutting too much into their profits (and it would show that they care about their players even more).
But again as others have said in this thread; Make sure you are not using the same username/password combo for other things such as game related sites, etc. Make a strong password (there are sites out there that will help you gauge how strong a password is, or what will make it stronger) or at least change your password every few weeks - that should keep some hackers busy for a while.
And the point of some hackers holding onto info for weeks/months before using it is a true statement. Sometimes they will just keep checking to see if the info is valid without actually using it untill they need it (or sell it).
But yeah, in all my years of MMO playing (96 to present) I had never seen a single person get hacked (aside from something like an angry friend/boyfriend/girlfriend incident or 2 in EQ) untill the age of WoW. And even then it wasnt untill the last year and a half or so. But then again there has never been more MMO players in the genre at one single time then there is now. And with more players comes a larger presence of RMT. Its up to the players themselves to keep their accounts safe, though a little help from the companies (authenticators for account holders at no cost) would go a long way in fighting the problem.
There are 3 types of people in the world.
1.) Those who make things happen
2.) Those who watch things happen
3.) And those who wonder "What the %#*& just happened?!"
They could of logged your info months and months ago when you did type it in, just cus you get hacked on Friday does not mean you got key logged you on the Thursday.
A few months I can understand, but what about those accounts that were closed for YEARS? You seriously think they are going to keep the information for an inactive account for over 3 years? I find that pretty unlikely.
They could of logged your info months and months ago when you did type it in, just cus you get hacked on Friday does not mean you got key logged you on the Thursday.
A few months I can understand, but what about those accounts that were closed for YEARS? You seriously think they are going to keep the information for an inactive account for over 3 years? I find that pretty unlikely.
All of those claims start out with "so I got this email about my wow accounts being banned" which is the same way almost every phishing email claims.
People who frequent websites usually give an email address.
Some people use the same password for much of their online activities.
Some people did this at gold selling websites not knowing that in the future those two pieces of information would be linked to their account.
Then some people just click official looking emails from blizzard that show up in their email, years after they quit.
There are just so many ways for people to make mistakes that it is far easier for hackers to exploit the ignorance of players than it could ever be to hack an account database at a corporation. Not to mention that exposes the gold seller to criminal charges, which hacking a personal account isn't going to get prosecuted.
Same here. Acc was hacked some days ago. It was inactive. I changed to batllenet this summer.
Btw, the hacker reactivated my acc with a 7-days-trial and flamed in the ingame chat so now my account is banned.
How stupid is that?
I'm lucky i never realy got into WoW... just a few lvl 1-5 chars but I'm not sure how good the security of battlenet is now and maybe I'll never use that account again for further games. Well.. yes.. i changed my pw already.
Bilzzard - fail. in this case. no virus/keylogger/trojans since i bought my new pc.
They could of logged your info months and months ago when you did type it in, just cus you get hacked on Friday does not mean you got key logged you on the Thursday.
A few months I can understand, but what about those accounts that were closed for YEARS? You seriously think they are going to keep the information for an inactive account for over 3 years? I find that pretty unlikely.
All of those claims start out with "so I got this email about my wow accounts being banned" which is the same way almost every phishing email claims.
That isnt true, not all of these claims are starting out with that, only a few have actually mentioned getting those emails. If you read mine and several others like mine, we've repeatedly told people we didn't get any emails from blizzard that we clicked links on, I didn't get any emails from blizzard at all for the 3 years my account was inactive, not a single one. In 2006, the last email I got from them was my confirmation for cancellation of my account. The only email I got from blizzard in 2009 was when I reactivated my account in december and they sent my confirmation for that, just a message telling me thank you for reactivating your account. I changed my password the day I reactivated it, so even if they did hold on to my 3 year old account information, it changed after the activation. The email i used for the battle.net account was a special one JUST for the account, and never used before, and has a different password than the account itself and a non related name. I played it the first day of reactivation no problems.
I keep telling people I never got an email about my wow account being banned as well. I got my notice of being banned when I went to log into game the next day and it denied me access, giving me a message on the login screen itself (are people going to tell me THIS was fake and downloaded a keylogger too?) saying my account was compromised and I was banned to allow me to regain access. I called blizzard support from there to handle it and the rep on the other side confirmed the hack took place the night I had reactivated it, after I had logged out.
I can guarantee that in the 3 years my account was inactive, I did not go to any wow sites, not even the official one, I did not get emails about wow or from blizzard, I've had 3 different computers since then as well, and run daily virus scans which is a moot point since again, i've had 3 different computers since I canceled my account, so I really doubt there is something harmful that i've been holding onto since 2006 lurking around waiting for me to access it unless it can jump computers...
My account just recently got hacked after it being inactive for almost a year. I haven't even had the game installed on my PC since July of 2009. The only reason I even found out about it being hacked is because it was banned for 72 hours because of illegal activity. Also, the idiot that hacked it used a stolen credit card to activate it. I have never been hacked or let ANYONE have access to my account. Seems like the gmail theory someone had a few pages back might have some weight.
Perhaps there is evidence to support my claim that blizzard has been having massive problems with people getting their accounts hacked for a few years now compared to the sensationalism of your "omg its tons of people" without anything to back up your claims. Show me some supporting information of your influx
How about this from an article titled "Blizzard Considering Mandatory Authenticators":
"The primary reason for this is that compromised accounts are at what sounds like an all-time high, with Blizzard's staff worked to the point that restoration queues have reached unacceptable levels."
http://www.curse.com/articles/wow-en-news/646551.aspx
Now maybe Curse is wrong, but Blizzard did state that the queues are unacceptable and that the current waiting time is around 8 days for an account recovery. When I was hacked back in April, I had all my stuff recovered in like 4 days. Just look at the number of posts in the last couple weeks on this site and compare that to back before they started the process of converting the accounts to Battle.net accounts. I think you'll see there's a big disparity.
This is a very good question. I'm assuming that you have asked Blizzard this question? I don't believe that you have to answer that question to change your password, only if you want it reset. Maybe it should be mandatory to answer that question for you to change your password as well. When my account was hacked, they changed the password on my account so that I couldn't log in while they were on the account.
Perhaps there is evidence to support my claim that blizzard has been having massive problems with people getting their accounts hacked for a few years now compared to the sensationalism of your "omg its tons of people" without anything to back up your claims. Show me some supporting information of your influx
How about this from an article titled "Blizzard Considering Mandatory Authenticators":
"The primary reason for this is that compromised accounts are at what sounds like an all-time high, with Blizzard's staff worked to the point that restoration queues have reached unacceptable levels."
http://www.curse.com/articles/wow-en-news/646551.aspx
Now maybe Curse is wrong, but Blizzard did state that the queues are unacceptable and that the current waiting time is around 8 days for an account recovery. When I was hacked back in April, I had all my stuff recovered in like 4 days. Just look at the number of posts in the last couple weeks on this site and compare that to back before they started the process of converting the accounts to Battle.net accounts. I think you'll see there's a big disparity.
I used to get about 3-5 fake blizzard emails a day.
Now I get that many in 1 day and they are getting better and better at looking official or saying things that make people panic or trust them.
It is the same with identity theft and credit card fraud. The more money there is to be made, the more people will engage in it.
They wouldn't necessarily have to hack an account database. Gold selling etc is big business. They stand to make a lot of money. All it would take is a little cash and someone who's willing to divulge some information. They wouldn't have to give away their entire database of information, all they would have to do is leak a small bit of information (assuming the person had access to the information or could get it).
Sure there are dozens if not hundreds of ways that they can get the information from the users themselves and yes I agree that most likely that is how they obtained the information, but to assume that every corporation's database is beyond reproach is taking it too far. It could happen. I don't have evidence that it has, I'm only saying that it's possible.
Perhaps there is evidence to support my claim that blizzard has been having massive problems with people getting their accounts hacked for a few years now compared to the sensationalism of your "omg its tons of people" without anything to back up your claims. Show me some supporting information of your influx
How about this from an article titled "Blizzard Considering Mandatory Authenticators":
"The primary reason for this is that compromised accounts are at what sounds like an all-time high, with Blizzard's staff worked to the point that restoration queues have reached unacceptable levels."
http://www.curse.com/articles/wow-en-news/646551.aspx
Now maybe Curse is wrong, but Blizzard did state that the queues are unacceptable and that the current waiting time is around 8 days for an account recovery. When I was hacked back in April, I had all my stuff recovered in like 4 days. Just look at the number of posts in the last couple weeks on this site and compare that to back before they started the process of converting the accounts to Battle.net accounts. I think you'll see there's a big disparity.
I used to get about 3-5 fake blizzard emails a day.
Now I get that many in 1 day and they are getting better and better at looking official or saying things that make people panic or trust them.
It is the same with identity theft and credit card fraud. The more money there is to be made, the more people will engage in it.
So you're agreeing that there IS an upswing in the number of compromised accounts or at least there appears to be an upswing?
I'm convinced there is and so I just added an authenticator to my account. The 7 dollars was never an issue with me, I just hadn't felt I needed one really up till I got hacked. I would have added one then, but they were sold out. With my buddie's account being hacked last week, I decided to go shopping again.
And what's more interesting to me is that in my buddies case, it appears that his yahoo e-mail address and password were compromised first, not his WoW account. Once they got into his yahoo mail, it was a simple matter of asking Blizzard for a password reset and bingo they had his WoW account information.
Perhaps there is evidence to support my claim that blizzard has been having massive problems with people getting their accounts hacked for a few years now compared to the sensationalism of your "omg its tons of people" without anything to back up your claims. Show me some supporting information of your influx
How about this from an article titled "Blizzard Considering Mandatory Authenticators":
"The primary reason for this is that compromised accounts are at what sounds like an all-time high, with Blizzard's staff worked to the point that restoration queues have reached unacceptable levels."
http://www.curse.com/articles/wow-en-news/646551.aspx
Now maybe Curse is wrong, but Blizzard did state that the queues are unacceptable and that the current waiting time is around 8 days for an account recovery. When I was hacked back in April, I had all my stuff recovered in like 4 days. Just look at the number of posts in the last couple weeks on this site and compare that to back before they started the process of converting the accounts to Battle.net accounts. I think you'll see there's a big disparity.
I used to get about 3-5 fake blizzard emails a day.
Now I get that many in 1 day and they are getting better and better at looking official or saying things that make people panic or trust them.
It is the same with identity theft and credit card fraud. The more money there is to be made, the more people will engage in it.
So there are more reported cases recently? Im starting to get the picture. If you say its so then it is. If someone unaffiliated with Blizzard says so then its a lie.
They could of logged your info months and months ago when you did type it in, just cus you get hacked on Friday does not mean you got key logged you on the Thursday.
A few months I can understand, but what about those accounts that were closed for YEARS? You seriously think they are going to keep the information for an inactive account for over 3 years? I find that pretty unlikely.
All of those claims start out with "so I got this email about my wow accounts being banned" which is the same way almost every phishing email claims.
That isnt true, not all of these claims are starting out with that, only a few have actually mentioned getting those emails. If you read mine and several others like mine, we've repeatedly told people we didn't get any emails from blizzard that we clicked links on, I didn't get any emails from blizzard at all for the 3 years my account was inactive, not a single one. In 2006, the last email I got from them was my confirmation for cancellation of my account. The only email I got from blizzard in 2009 was when I reactivated my account in december and they sent my confirmation for that, just a message telling me thank you for reactivating your account. I changed my password the day I reactivated it, so even if they did hold on to my 3 year old account information, it changed after the activation. The email i used for the battle.net account was a special one JUST for the account, and never used before, and has a different password than the account itself and a non related name. I played it the first day of reactivation no problems.
I keep telling people I never got an email about my wow account being banned as well. I got my notice of being banned when I went to log into game the next day and it denied me access, giving me a message on the login screen itself (are people going to tell me THIS was fake and downloaded a keylogger too?) saying my account was compromised and I was banned to allow me to regain access. I called blizzard support from there to handle it and the rep on the other side confirmed the hack took place the night I had reactivated it, after I had logged out.
I can guarantee that in the 3 years my account was inactive, I did not go to any wow sites, not even the official one, I did not get emails about wow or from blizzard, I've had 3 different computers since then as well, and run daily virus scans which is a moot point since again, i've had 3 different computers since I canceled my account, so I really doubt there is something harmful that i've been holding onto since 2006 lurking around waiting for me to access it unless it can jump computers...
You are right, I should have said "almost every case" as I try not to speak in absolutes. My apologies for putting it that way.
Still the majority of these stories do start out that way. Otherwise how do these people who do not play wow find out they got hacked or banned? An email. How did you find out? Real of fake it is hard to know since the level of computer literacy varies from user to user. If you didn't get an email, perhaps someone hacked your email account as the source of this problem and deleted the message? It wouldn't be the first time that happened.
What I have come to understand over the years from helping people who get hacked and reading the endless amount of posts from people who have their accounts hacked the vast overwhelming amount of cases involve the end user doing something to cause or invite this situation. I am not saying that to offend you, but it is something that can be seen over and over again.
I mean the unspoken premise here is that there is a massive increase in hacked accounts and the lack of any evidence the end user was at fault means that blizzard must somehow have a security flaw. Looking at the steady increase of accounts getting hacked and the increase in response time, it must be an ongoing problem for years now, because there is an endless parade of people claiming they didn't do anything wrong.
So instead of fixing this flaw in their account database, blizzard is considering all manners of strange resolutions right up to the extreme of making authenticators mandatory to play the game. Does that sound plausable just because a handful of people don't know how their accounts were compromised? The lack of understanding of what happened is being turned into proof that someone else is at fault.
Now if the problem was with blizzard getting hacked, where do you think blizzard would be spending their efforts to fix this problem? If hacking blizzards database was causing a massive increase in hacked accounts, there would be no need for the massive influx of new phishing scams and that is just for starters.
On the flip side there has always been a problem with hacked accounts in mmos and it has been steadily getting worse. There was a lot of media and communication about the new battlenet login system which hackers can exploit the social aspect of. It opened up a new avenue for them to send out official looking emails or whatever else they can dream up, because people were expecting it and let their guards down.
Phishing however isn't the only way to hack an account. A good hacker can be equally successful just by hacking your email account and resetting your wow password. Honestly it is stupid easy to get control of some email accounts just by looking at the insanely easy to guess password hint questions they use.
If someone gets ahold of your email account and you do not know it, then they can easily reset the password on your wow account and delete the blizzard email from your inbox without you ever knowing what happened.
If a hacker somehow gets ahold of a list of email addresses and login passwords from any website, forum or email list, then odds are they can just try to log into all wow with all of them and a few will work. People are notorious for reusing passwords and the same email account for everything they do on the internet.
There are so many ways to get compromised that it is hard to even suggest all of them. Poisoned websites, dns records, flash, java, zero day exploits, etc. The list is really long.
No, people are allowed to make up any unsupported claims they want to and ignore any information that shows the flaws in their claims. You are right, hacking is a brand new problem since battlenet. We know, because you said so right? Who needs information to support claims anymore. Discussing a topic is so last decade. Strawman attacks are all the new rage for proving ones point.
You aren't even trying anymore grandpa. What gives?
I agree that there is an upward swing, but it has been growing for years.
As for your buddies email account, yes that is a popular way for hackers to gain access to wow accounts and do so in such a way that the user would most likely never know what happened. People can change their wow information all they want, but if a hacker has access to your email, they can reset your password whenever they want and delete any confirmation emails so you would never know.
No, people are allowed to make up any unsupported claims they want to and ignore any information that shows the flaws in their claims. You are right, hacking is a brand new problem since battlenet. We know, because you said so right? Who needs information to support claims anymore. Discussing a topic is so last decade. Strawman attacks are all the new rage for proving ones point.
You aren't even trying anymore grandpa. What gives?
No not at all. Unsupported claims made by Blizzard cheerleaders are to be taken as fact until proven otherwise, which is not doable unless Blizzard announces such proof. This will never happen as Blizzard has shown it only releases information that portrays them in a favorable light such as sub numbers or better yet, the lack of sub numbers.
(1)
I am not making the leap that there is a flaw with the blizzard database. I am actually saying the increase in hacked accounts isn't something to be surprised about and has been a growing problem for years now. The battlenet change just gives hackers another tool to create phishing scams and hacking email accounts easier, because people the battlenet changes received a lot of press and users are expecting emails and such. They let their guard down.
Why I feel certain that it is users and not a flaw in the database? Because that has been the trend in mmo hacking for years and years. I doubt that users suddenly became secure users right at the same time that blizzard screwed up their security, because a few people on some forums can't explain how their accounts got hacked.
Blizzard has been preaching account security to users for years now. The authenticator was in direct response to account hacks. Everything blizzard is doing is aimed at the users. I think they know where the problem is, but no company can make users smart.
(2)
My point was that it would be rather hard for a database flaw to be the reason for an steadily increasing problem of account hacking that has spanned years. Possible in the most remote classroom controlled conditions, perhaps, but not very likely.
(3)
I think blizzard has correctly identified the problem. Users are ignorant and careless with how they conduct themselves on the internet (that isn't meant to be an insult, just reality). A company cannot make a change to their database that will result in their users suddenly becoming educated about account security and safe surfing habits. That is why blizzard felt the need to create a physical device that even the most careless of users would have to be intentionally circumvent to release their account details to a hacker.
(4)
I agree that there are a million scenarios of what could happen, but most are just not plausible given what we know. Yes someone at blizzard could have stolen information, but eventually that trend would show itself. It wouldn't take long to realize that only accounts up to 12 months ago are getting hacked or some seed/tarpit accounts that could only be gotten from hacking the DB are attempting to log on. I'm pretty sure blizzard is smart enough to put some tight controls and observation on access to their account database long before they got to the point of selling physical account security devices.
I also fully agree that there is vulnerability to wow accounts from sources that are outside of blizzards control. People email accounts, website databases, etc. Again nothing blizzard (or any company) could change.
(5)
Yes it is possible that blizzard has or had a compromise in several different scenarios. Anything is possible really, but that does not explain a long term and growing problem of hacked accounts nor make it a plausible conclusion to explain the unknown.
The end result is that people on some forums don't know how or why they were hacked so they feel it must be the fault of someone else. This isn't a new trend and it won't be the last time people blame a company for their security issues. I just can't buy into that without something more to support it. Why not use the lack of information and understanding to blame orbital mind control lasers.
Account hacking has been a large problem for years and I think ignoring that trend isn't being objective. That goes against years and years of people getting hacked via phishing scams, account trading/selling, and every other form of user based attack that has been going on just to reach the conclusion that is must be blizzards fault so that a few people can explain away their problem as someone elses fault.
Believe me when I say I know just how possible it is. It has been a very very very long time, but I fully understand exactly what is possible. Trust me on that.
Oh, I am not denying that there are going to be plenty of cases where it IS the users faults. And I know that many if not most will be just that. But what I am trying to say is that the number of cases where it appears it actually ISNT the users fault appears to be rising. While that may be less than the number of cases where the user is to blame, it is still alarming that its happening.
I am not wanting to outright blame Blizzard either, because I have experienced first hand that they are trying to help people as much as possible when they are approached with the problem. As someone else stated, the Blizzard employees I spoke too seemed just as baffled by the situation and increase as many of us are. I don't so much think its blizzard getting hacked, but hackers finding a new way of obtaining information, or as someone said, someone inside giving out such information.
Now I don't think I am invincible and immune to any of these types of attacks, no one really is. But I am not stupid. I've worked with computers for along time, I've done network security. I know the basics of keeping myself safe and how to at least reduce the chances of these type of things happening. I've played MMOs for 12 years and I've never had an account hacked or compromised in anyway because I have always been careful to not give out account information and never made use of any type of third party programs. I am also very much against RMT and powerleveling and any service like that so I've never visited those sites. I run malware and spyware scan daily to check for anything that may pop up. Each MMO account I have has a unique ID and Password. My passwords are rather random as well, combos of numbers and letters with 2-3 capitals. I generally have 1 email I use for my MMO accounts, 1 for my forum accounts, and 1 I use for work and personal use. I made yet another JUST for my battle.net account. Part of this is slight OCD and keeping everything organized and separated, and part of it is being over cautious. But its kept me safe for over 12 years until now. I went through and changed every password on every account and email I had after that happened.. The fact that I took all of those steps and still got hacked bothers me and concerns me and makes me feel my accounts and information within is never really going to be safe.
When you said "No, I think you're making that leap that is has to be a security flaw with Blizzard." I took that to mean you think I was proposing it is a fault with blizzard. I was actually referring to people who make that leap of faith due to lack of understanding of what happened to them. I think we just got our words crossed there.
That being said, why does something have to have changed recently? Just because people are getting hacked in what appears to be larger numbers? Account hacking has been on the rise for a long time, why is now so special? The same arguments being said here were said a year ago and years prior to that.
I just don't buy into the theory that when someone cannot explain their security flaws that it must be the fault of blizzard (or someone else) which is a very common conclusion that people jump to. Usually the same people that think antivirus and complex passwords make them any bit safer.
While it is certainly possible, the odds of those claims being true are very slim and there is no compelling reason to suggest that is the case. Being possible doesn't mean being plausible. People have a long ugly history of doing stupid shit with their account information and I see no reason to suggest why that has changed. I see every reason to think that hackers are getting more efficient with their techniques and sheer volume of attacks that it is far more likely to be the cause of any perceived increase.
As for someone selling blizzard data 3 weeks ago, sure that is possible and it could explain what some think there is a massive increase, but it doesn't explain the steady increase of hacks over the years. The reaction blizzard has been pounding into its users is about account security and authenticators which suggests they have a really good idea where the problem is coming from. The trend is pretty clear and the insider theory only holds water if there is a continued and escalated theft of data which makes the theory very difficult to believe. Again, all based on people not being able to explain what they got hacked, which I just don't find a compelling argument.
im glad i bought my authenticator. 2 of my friends had there accounts hacked one was stupid enough to click on a spam email he was lucky he got his stuff back . but now ive change my email to one i dont use for any web sites and pass word . they only cost a few ££s but for sake of 4years work i dont mind . if my account dose get hacked i know it a blizzard problem . good thing i did buy it. the week my friend lost there account id only been useing that same pc few days befor good job i changed all my stuff 2 months ago .