Its just a conspiracy so Blizzard can sell over-priced authenticators to 12 million people and rake in even more $$$.
wow, wear your tinfoil hat much? Blizzard sells authenticators at cost (they are like $6.50). If you have an iPhone, or other smartphone you can DL the authenticator for your phone for Free (if it costs that's your carrier not blizzard).
BTW you can't write an addon that acts like a keylogger. The Addons exist in their own protected bubble in the WoW client while running. The Addon cannot pass data either into or out of an addon while the client if running. An addon is allowed to save a file to your character's data folder and to the generic folder that holds addon info. Blizzard added those limits into addons to prevent them from being used as malware.
If you have picked up a keylogger from an addon, it's because you downloaded the addon's archive from someplace other than Curse gaming, Wow Interface or WowUI.com all three of those sites check their addons for Virus load, and also make sure that what you DL is a .zip and not a .exe self extracting archive or installer. The latter are programs that run and that can be or act like trojan horses.
You can avoid a ton of malware by simply running Firefox and using adBlock. Adblock blocks all of those banner ads and other advertising crap that litter most websites. Many companies that sell those banners are less than diligent about making sure that ad headers don't contain malware. I know of more than one site that has had problems with ads that had malware payloads.
Also to the person who believes that hacks only happen on WoW. Think again. I know of people who have gotten hacked for all of their items and IG money on EQmac. That's a single server with a very small population, with accounts that can't even be transfered to other EQ servers. Hacks happen in every game. It's just a small enough problem with your run of the mill small population game.
WoW's population on all servers is so large that even a small percentage of people getting hacked is a huge money drain for blizzard. So it made sense for them to offer something like an authenticator. It saves them tons of money which is why authenticators went from $20 when they were introduced to $6.50 today (or free if you have a phone that can run the mobile authenticator prog).
The only thing that seems strange here, is that the majority of the hacks do not occur until after the account is deactive and no longer in use. Which means the hacker has to hack the system (username and PW, not blizzard), reactivate the account then put an authenticator on it all to get the stuff off it.
Seems a fair bit of cost (the monthly fee+ authenticator) to hack an old account. Just seems weird to me this didn't start until after the battle.net situation.
Help me Bioware, you're my only hope.
Is ToR going to be good? Dude it's Bioware making a freaking star wars game, all signs point to awesome. -G4tv MMo report.
Make a notepad document, type out your password in there and save it to your desktop. Every time you log into the game, just copy & paste your password. Add a authenticator on top of that and you should never worry about having your account broken into.
One, have not heard of one account with an authenticator being hacked. Banks use those devices and never had a problem getting hacked when I worked for one. So that is a sure fire way to prevent getting hacked.
Had a different problem, had not played since they changed logins to a battlenet account and I obviously could not log into my account so I had to call them to get my account transfered to my battlenet account, took about 5 calls to get through and about a 40 minute wait. I also had a bad key for my expansion pack, but they would not do anything about that even though whoever was using it had obviously stolen it. Had to return the package to the store and get another.
You can get hacked with authenticator as well. Though it is more difficult. Essentially the keylogger sends your password and authenticator code to the hacker while at the same time killing your connection to wow. They then have seconds to input your info. It happens. It's also rare.
Yeah, that CAN happen, but as soon as you log on again, it boots them. So they have about 30 seconds or less?
I think a big problem is, most casual computer users see that email "FROM BLIZZARD" about changes to their account, account suspected of being hacked, yadda yadda. 99% of the time it's not a real email.
If at ANY point you are concerned about your account, type in battle.net in your browser yourself, and then log in. That's so simple. But so many people lack common sense that I guess that is hard.
Call them. You may be on the phone for a while, but it is worth it.
I am in australia might be an expensive call..unless there is a aussie number I can call? I am currently on my 5th email & its looking like I will get my accounts but who know what they will be like when I do get em they may not have any characters I did have 5-6 characters maxed out & raid equiped .
My account was recently locked even though I haven't played in years. Damn hackers somehow got my info, and I guess used it to farm gold. It's takes a dirtbag to do something like this, but I pity their means of income, if anyone even purchases from them.
i got hacked twice. im a douche for answering the email to verify my battle.net account....twice. but got all me gear back both times within a week. im still a douche though lol
i got hacked twice. im a douche for answering the email to verify my battle.net account....twice. but got all me gear back both times within a week. im still a douche though lol
NEVER click a link that appears in an email. Even if that person is someone you trust. If you MUST put your machine in danger and click an email link, then first in your email client (or even webmail site) find the "Show headers" or better yet "Show Source". Look at the "Return address", if that is anything other than a blizzard.com address then the email is bogus. On all of the WoW related phishing email, the ones that are not legit have some hotmail.com or other nonblizzard address. When I did finally get some real wow email (I race changed a character recently), I checked it and it had a blizzard.com return address.
Remember, NEVER EVER click a link that appears in the email. Always go to the site's homepage linked in the email and find the destination yourself. That's the safest way. I guess the links from MMORPG.com are legit, but it wouldn't be too hard to spoof those addresses to go to a phishing site or one that would DL malware.
Funny to see how MMORPG.com staff doesn't stick to their own rulses.
AFIAK there's a special trheat for "My account has been compromised". Then why is staff allowed to make a seperate post about it..? It's not that I do care extra about the compromised accounts of MMORPG.com staff members...
It seems this happens a lot! I had this experience, had to change my battle.net account to a different email and the old one still gets about 3 phishing emails a day. Blizzard got off to a slow start in fixing things but then really bent over backwards to get things right. My hacker had transferred some toons and I didn't want to pay to put them back and Blizz finally came through. Even though I was a hater, they won me over.... and that's hard to do.
Ah yes,phone number is not free from our country and it charges like for international call,so spending 45minutes on the line cost you more than purchasing 2 new wow boxes
And when i got hacked one day,they banned me for one month for "investgating",si i took 1 year break from wow.
Spambox in my mail is 90% filled with wow related fakemails,and when i bought digital copy of wotlk expansion from their official reseller,it came without free month,so i ended paying way more for it,with their reply that its perfectly ok,and they dont provide digital copy with free gametime.
Yeah my battle.net acount got hacked as well as my WOW account, went thru the online petition but only got the battle.net account back, after that got an authenicator so this would not happen again.
Got hacked once myself. In my case, I got an email notice about "unauthorized access" and found my password had been changed. I went through the process of getting the account back only to find someone had put an authenticator on it, too. Fortunately, it was pretty simple to get that removed. I downloaded the authenticator app for my iPhone and set it to my account.
The account had been inactive for 6 months. I have no clue how someone could have gotten into it. I have script blockers on my browser and don't download strange programs from sites I don't trust, and scan the hell out of the ones I download from sites I do trust. A couple months after getting my account back, I get another email from Blizzard. Apparently the people who hacked it had also payed for a month...then reversed the charge. Now Blizzard says I owe for that month before I can reopen my account. I was gonna come back to try the expansion, but I suppose Blizzard can go screw themselves now...
I still don't understand how so many people are being hacked. Use a secure password unique to WoW. Use an email address unique to WoW. Only login to Blizzard websites using a bookmark. Don't play on other people's computers. Use a minority web browser (and install noscript or the like) and email client. Apply updates immediately.
I'm also tempted to say get a Mac or run WoW in Linux using WINE or Crossover. But that would just invite trolling... ;-) Still, I run WinXP too and it's not _that_ hard to secure.
Just how are people constantly getting hacked? How is this still happening? I'm baffled.
If you're not part of the solution, you're part of the precipitate.
Never got hacked in over 5 years on any of my two wow accounts. By how people complains getting hacked often I think i should have gotten hacked atleast five times in that period.
There are a thousand ways of being hacked, not just keyloggers. My account was hacked months after I had stopped playing and canceled the account. I didn't even have the game installed anymore. It was a typical mass attack against many accounts at once (my brother's account, also canceled, was stolen at exactly the same time, but luckily only his login information was changed - nothing was taken or deleted from his characters.)
Neither of us recieved any notice of what was going on. I just decided to log into my battle.net account one day and noticed my account was active. Whoever re-enabled my account also used the refer-a-friend feature to start another account, and paid for 30 days gametime on that account - which enabled my own account for 30 days. I told my brother about it, and he checked his account and found that his login credentials had been changed, but no other activity had taken place.
The account restoration process was simple. There is an automated account recovery process and I had everything back to normal within a couple of hours of realizing my account had been stolen. Of course, this still requires a GM to hit the switch so to speak, but that's really the only wait time.
And to all who believe the authenticator is some kind of impenetrable black magic device, it isn't. It helps of course, but it is NOT total immunity to having your account hacked. Again, there are many ways - both more effective and easier than keylogging - to steal accounts, including ways of bypassing the authenticator altogether. These methods will not be made public or acknowledged of course, at least not by Blizzard.
P.S. - Blizzard let me keep the refer-a-friend gametime reward the attacker applied to my account, which let me play for free for 30 days, as well as the several thousand gold worth of items he farmed with my characters. Hopefully the person also pays for another 30 days so I can get the mount as well... ;-)
I was hacked just over a week ago, I haven't played in almost a year. A friend rang me to tell me my character was online and put in a ticket on my behalf. I went to Battle.net and started the process from there. Within half an hour or so the account was locked down and my character was offline, the hackers had had access to my acount for about two days. Being in Australia and with time differences I wrote Blizz a email and waited for a response.
At this point my account was locked down, and even though I had changed passwords and email addresses I still needed to contact them again. Rather than play email tag I called. I'm a night-owl so I had no issue waiting up till 1-2 am to make the call. It was all handled very quickly and I had my account back and access to WoW immediately after the call. Three of my characters were restored before I logged on to check the damage, and only one other needed restoration, this was handled very quickly too.
Now even though I don't intend to return to WoW I ordered the authenticator, to avoid any issues in the future if I do happen to play again. The authenticator arrived in 7 business days, the postage was a little pricey but there are other options if you don't want to spend the money on a physical authenticator.
My account getting hacked was my own fault, I had it attached to a not-very-secure email, my email was hacked and then my account.
My hot-tips for when you get hacked.
If you have a real-life friend in-game, get them to issue a ticket.
Follow the steps on the Blizz site for retrieving your account and call them asap.
When you get your account back, it is very possible it was activated on a stolen credit card, this does not mean you have a free month! The card owner will do a charge back and you will then be liable for the charges if you play it more than a few hours to get your characters sorted out.
If you are in Australia the number to call is 1800041378, I have skype, the call cost me nothing.
Be polite, the customer service people are not responsible for your account getting hacked, don't take it out on them.
I still don't understand how so many people are being hacked. Use a secure password unique to WoW. Use an email address unique to WoW. Only login to Blizzard websites using a bookmark. Don't play on other people's computers. Use a minority web browser (and install noscript or the like) and email client. Apply updates immediately.
I'm also tempted to say get a Mac or run WoW in Linux using WINE or Crossover. But that would just invite trolling... ;-) Still, I run WinXP too and it's not _that_ hard to secure.
Just how are people constantly getting hacked? How is this still happening? I'm baffled.
None of that matters. As I said in my previous post, there are many other ways to hack accounts, including en masse. Man-in-the-middle attacks, vulnerabilities in Blizzard's or other companies networks, etc. -- your account can be stolen in a thousand ways that require minimal or even no participation on your part at all.
Credit card account lists (by the thousands) are sold on underground markets, for example. How do you think these lists are obtained? Why would Blizzard or any other company not be susceptible to the same methods used against banks? Of course, they would be as tight-lipped about vulnerabilities or breaches as the banks are though.
Bottom line: nobody is perfect, including Blizzard, and always putting the blame on the user for having their account stolen is ignorant.
Well I have not played wow since oh about 2008. I get at least one email from blizzard about once a week stating that my account has been locked, after somebody other side of the world tried to brute force my account. I also use to get several emails trying to fish my account out with offers of free cataclysm, to the ones saying your account has been changed.
So what I did was change my email address from one that I don't have registered with mmorpg. Guess what In the past 3 weeks not one email from blizzard, not only that no more of those fake emails either trying to get me to give them my wow account. Coincidence, I think not.
There sure seams to be a lot of it going on. I had a friend a couple of weeks back who reported when he logged in he was stripped down to his underwear. They did not change his password or anything. They logged in and stripped down all his toons. The took all his gear sold, it and sold what they could, and got into the guild bank from what I understood.
Yeah my battle.net acount got hacked as well as my WOW account, went thru the online petition but only got the battle.net account back, after that got an authenicator so this would not happen again.
Do yourself a favor and top that off by adding their dial-in service. It is only a matter of time before the authenticators get jailbroke and then they won't be useful anymore. Until Blizzard takes the massive step of blocking access to the EU and US servers from Asian IPs, we'll be vulnerable to thieves that Blizzard can't prosecute. I'm all for them being able to play, on their own servers, but I don't the good of blocking them on our servers outweighs the bad PR of blocking them. They don't respect the game. Blizzard knows this needs to be done.
Comments
wow, wear your tinfoil hat much? Blizzard sells authenticators at cost (they are like $6.50). If you have an iPhone, or other smartphone you can DL the authenticator for your phone for Free (if it costs that's your carrier not blizzard).
BTW you can't write an addon that acts like a keylogger. The Addons exist in their own protected bubble in the WoW client while running. The Addon cannot pass data either into or out of an addon while the client if running. An addon is allowed to save a file to your character's data folder and to the generic folder that holds addon info. Blizzard added those limits into addons to prevent them from being used as malware.
If you have picked up a keylogger from an addon, it's because you downloaded the addon's archive from someplace other than Curse gaming, Wow Interface or WowUI.com all three of those sites check their addons for Virus load, and also make sure that what you DL is a .zip and not a .exe self extracting archive or installer. The latter are programs that run and that can be or act like trojan horses.
You can avoid a ton of malware by simply running Firefox and using adBlock. Adblock blocks all of those banner ads and other advertising crap that litter most websites. Many companies that sell those banners are less than diligent about making sure that ad headers don't contain malware. I know of more than one site that has had problems with ads that had malware payloads.
Also to the person who believes that hacks only happen on WoW. Think again. I know of people who have gotten hacked for all of their items and IG money on EQmac. That's a single server with a very small population, with accounts that can't even be transfered to other EQ servers. Hacks happen in every game. It's just a small enough problem with your run of the mill small population game.
WoW's population on all servers is so large that even a small percentage of people getting hacked is a huge money drain for blizzard. So it made sense for them to offer something like an authenticator. It saves them tons of money which is why authenticators went from $20 when they were introduced to $6.50 today (or free if you have a phone that can run the mobile authenticator prog).
The only thing that seems strange here, is that the majority of the hacks do not occur until after the account is deactive and no longer in use. Which means the hacker has to hack the system (username and PW, not blizzard), reactivate the account then put an authenticator on it all to get the stuff off it.
Seems a fair bit of cost (the monthly fee+ authenticator) to hack an old account. Just seems weird to me this didn't start until after the battle.net situation.
Help me Bioware, you're my only hope.
Is ToR going to be good? Dude it's Bioware making a freaking star wars game, all signs point to awesome. -G4tv MMo report.
Here is the best way to never get key logged.
Make a notepad document, type out your password in there and save it to your desktop. Every time you log into the game, just copy & paste your password. Add a authenticator on top of that and you should never worry about having your account broken into.
i wish people had other things to do in their lives except doing crap like this
Yeah, that CAN happen, but as soon as you log on again, it boots them. So they have about 30 seconds or less?
I think a big problem is, most casual computer users see that email "FROM BLIZZARD" about changes to their account, account suspected of being hacked, yadda yadda. 99% of the time it's not a real email.
If at ANY point you are concerned about your account, type in battle.net in your browser yourself, and then log in. That's so simple. But so many people lack common sense that I guess that is hard.
I'm sure someone has posted this already,
but just incase 4th line in you spelled better with a g.
I do not know if you ment to do that but just thought i would throw that out there.
;D
Lukain,
Call them. You may be on the phone for a while, but it is worth it.
I am in australia might be an expensive call..unless there is a aussie number I can call? I am currently on my 5th email & its looking like I will get my accounts but who know what they will be like when I do get em they may not have any characters I did have 5-6 characters maxed out & raid equiped .
My account was recently locked even though I haven't played in years. Damn hackers somehow got my info, and I guess used it to farm gold. It's takes a dirtbag to do something like this, but I pity their means of income, if anyone even purchases from them.
i got hacked twice. im a douche for answering the email to verify my battle.net account....twice. but got all me gear back both times within a week. im still a douche though lol
NEVER click a link that appears in an email. Even if that person is someone you trust. If you MUST put your machine in danger and click an email link, then first in your email client (or even webmail site) find the "Show headers" or better yet "Show Source". Look at the "Return address", if that is anything other than a blizzard.com address then the email is bogus. On all of the WoW related phishing email, the ones that are not legit have some hotmail.com or other nonblizzard address. When I did finally get some real wow email (I race changed a character recently), I checked it and it had a blizzard.com return address.
Remember, NEVER EVER click a link that appears in the email. Always go to the site's homepage linked in the email and find the destination yourself. That's the safest way. I guess the links from MMORPG.com are legit, but it wouldn't be too hard to spoof those addresses to go to a phishing site or one that would DL malware.
Funny to see how MMORPG.com staff doesn't stick to their own rulses.
AFIAK there's a special trheat for "My account has been compromised". Then why is staff allowed to make a seperate post about it..? It's not that I do care extra about the compromised accounts of MMORPG.com staff members...
It seems this happens a lot! I had this experience, had to change my battle.net account to a different email and the old one still gets about 3 phishing emails a day. Blizzard got off to a slow start in fixing things but then really bent over backwards to get things right. My hacker had transferred some toons and I didn't want to pay to put them back and Blizz finally came through. Even though I was a hater, they won me over.... and that's hard to do.
Ah yes,phone number is not free from our country and it charges like for international call,so spending 45minutes on the line cost you more than purchasing 2 new wow boxes
And when i got hacked one day,they banned me for one month for "investgating",si i took 1 year break from wow.
Spambox in my mail is 90% filled with wow related fakemails,and when i bought digital copy of wotlk expansion from their official reseller,it came without free month,so i ended paying way more for it,with their reply that its perfectly ok,and they dont provide digital copy with free gametime.
So my experience is exact opposite
Got hacked once myself. In my case, I got an email notice about "unauthorized access" and found my password had been changed. I went through the process of getting the account back only to find someone had put an authenticator on it, too. Fortunately, it was pretty simple to get that removed. I downloaded the authenticator app for my iPhone and set it to my account.
The account had been inactive for 6 months. I have no clue how someone could have gotten into it. I have script blockers on my browser and don't download strange programs from sites I don't trust, and scan the hell out of the ones I download from sites I do trust. A couple months after getting my account back, I get another email from Blizzard. Apparently the people who hacked it had also payed for a month...then reversed the charge. Now Blizzard says I owe for that month before I can reopen my account. I was gonna come back to try the expansion, but I suppose Blizzard can go screw themselves now...
I still don't understand how so many people are being hacked. Use a secure password unique to WoW. Use an email address unique to WoW. Only login to Blizzard websites using a bookmark. Don't play on other people's computers. Use a minority web browser (and install noscript or the like) and email client. Apply updates immediately.
I'm also tempted to say get a Mac or run WoW in Linux using WINE or Crossover. But that would just invite trolling... ;-) Still, I run WinXP too and it's not _that_ hard to secure.
Just how are people constantly getting hacked? How is this still happening? I'm baffled.
If you're not part of the solution, you're part of the precipitate.
Never got hacked in over 5 years on any of my two wow accounts. By how people complains getting hacked often I think i should have gotten hacked atleast five times in that period.
i believe quite many got foolen by the sneaky armory what looked excatly like the original but stole your login and password.
best way to defend so far is to buy the blizzard key generator.
cheers
There are a thousand ways of being hacked, not just keyloggers. My account was hacked months after I had stopped playing and canceled the account. I didn't even have the game installed anymore. It was a typical mass attack against many accounts at once (my brother's account, also canceled, was stolen at exactly the same time, but luckily only his login information was changed - nothing was taken or deleted from his characters.)
Neither of us recieved any notice of what was going on. I just decided to log into my battle.net account one day and noticed my account was active. Whoever re-enabled my account also used the refer-a-friend feature to start another account, and paid for 30 days gametime on that account - which enabled my own account for 30 days. I told my brother about it, and he checked his account and found that his login credentials had been changed, but no other activity had taken place.
The account restoration process was simple. There is an automated account recovery process and I had everything back to normal within a couple of hours of realizing my account had been stolen. Of course, this still requires a GM to hit the switch so to speak, but that's really the only wait time.
And to all who believe the authenticator is some kind of impenetrable black magic device, it isn't. It helps of course, but it is NOT total immunity to having your account hacked. Again, there are many ways - both more effective and easier than keylogging - to steal accounts, including ways of bypassing the authenticator altogether. These methods will not be made public or acknowledged of course, at least not by Blizzard.
P.S. - Blizzard let me keep the refer-a-friend gametime reward the attacker applied to my account, which let me play for free for 30 days, as well as the several thousand gold worth of items he farmed with my characters. Hopefully the person also pays for another 30 days so I can get the mount as well... ;-)
I was hacked just over a week ago, I haven't played in almost a year. A friend rang me to tell me my character was online and put in a ticket on my behalf. I went to Battle.net and started the process from there. Within half an hour or so the account was locked down and my character was offline, the hackers had had access to my acount for about two days. Being in Australia and with time differences I wrote Blizz a email and waited for a response.
At this point my account was locked down, and even though I had changed passwords and email addresses I still needed to contact them again. Rather than play email tag I called. I'm a night-owl so I had no issue waiting up till 1-2 am to make the call. It was all handled very quickly and I had my account back and access to WoW immediately after the call. Three of my characters were restored before I logged on to check the damage, and only one other needed restoration, this was handled very quickly too.
Now even though I don't intend to return to WoW I ordered the authenticator, to avoid any issues in the future if I do happen to play again. The authenticator arrived in 7 business days, the postage was a little pricey but there are other options if you don't want to spend the money on a physical authenticator.
My account getting hacked was my own fault, I had it attached to a not-very-secure email, my email was hacked and then my account.
My hot-tips for when you get hacked.
If you have a real-life friend in-game, get them to issue a ticket.
Follow the steps on the Blizz site for retrieving your account and call them asap.
When you get your account back, it is very possible it was activated on a stolen credit card, this does not mean you have a free month! The card owner will do a charge back and you will then be liable for the charges if you play it more than a few hours to get your characters sorted out.
If you are in Australia the number to call is 1800041378, I have skype, the call cost me nothing.
Be polite, the customer service people are not responsible for your account getting hacked, don't take it out on them.
None of that matters. As I said in my previous post, there are many other ways to hack accounts, including en masse. Man-in-the-middle attacks, vulnerabilities in Blizzard's or other companies networks, etc. -- your account can be stolen in a thousand ways that require minimal or even no participation on your part at all.
Credit card account lists (by the thousands) are sold on underground markets, for example. How do you think these lists are obtained? Why would Blizzard or any other company not be susceptible to the same methods used against banks? Of course, they would be as tight-lipped about vulnerabilities or breaches as the banks are though.
Bottom line: nobody is perfect, including Blizzard, and always putting the blame on the user for having their account stolen is ignorant.
Well I have not played wow since oh about 2008. I get at least one email from blizzard about once a week stating that my account has been locked, after somebody other side of the world tried to brute force my account. I also use to get several emails trying to fish my account out with offers of free cataclysm, to the ones saying your account has been changed.
So what I did was change my email address from one that I don't have registered with mmorpg. Guess what In the past 3 weeks not one email from blizzard, not only that no more of those fake emails either trying to get me to give them my wow account. Coincidence, I think not.
There sure seams to be a lot of it going on. I had a friend a couple of weeks back who reported when he logged in he was stripped down to his underwear. They did not change his password or anything. They logged in and stripped down all his toons. The took all his gear sold, it and sold what they could, and got into the guild bank from what I understood.
I've never been hacked.
Never type your password.
1) Make a txt file with a list of about 100+ passwords JGHJ123kjh98 type of mess.
2) Copy paste your password into the login. Ctrl C (copy), CtrlV (paste).
Works for me. Simple and done in a flash. Works for most games out there.
Do yourself a favor and top that off by adding their dial-in service. It is only a matter of time before the authenticators get jailbroke and then they won't be useful anymore. Until Blizzard takes the massive step of blocking access to the EU and US servers from Asian IPs, we'll be vulnerable to thieves that Blizzard can't prosecute. I'm all for them being able to play, on their own servers, but I don't the good of blocking them on our servers outweighs the bad PR of blocking them. They don't respect the game. Blizzard knows this needs to be done.
This is a common fallacy, with this method the password is stored in the clip board and still easily retrieved.