Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

I don't know how and I don't know why

2»

Comments

  • Daffid011Daffid011 Member UncommonPosts: 7,945

    Originally posted by SuperXero89

    Why would they go on some anti-account hacking crusade when they're selling authenticators on the Blizzard store?

    How many people have you heard quit the game forever, because they were hacked? 

    Not to mention blizzard has far more ways to get authenticators for FREE, but no one wants to break up your little conspiracy theory with facts.  

  • Daffid011Daffid011 Member UncommonPosts: 7,945

    Originally posted by sungodra

    I am not too pleased, I never went to any site and put in my info , so I know it was through no fault of my own. Not sure how this even happened really. How do these people get your info if you are too smart for the phish attempts, hell I don't even use that email that much , when I do I just log in and check things to make sure the email does not go inactive for too long.

    You may not like it, but that is a very common misconception.  While it is possible that someone gained access to your account through other means, the most common is user error.  Even if they did nothing wrong like fall victom for a phishing email.  There simply is no possible way for anyone to say they are 100% safe or did nothing incorrect. 

    Just for example all a hacker really needs is access to an email account that is associated to the wow account.  From there they can pretty much do anything they  want and cover their tracks without the user being any the wiser.

    Compound that by the fact that all the major gaming sites are owned by gold sellers.  Wowhead, thottbot, mmochampion, curse, etc.  All owned by gold sellers.   All have massive databases of information that users have supplied at one time or another.

     

    There really are a ton of ways to get hacked without having the slightest idea of what happened.  Hacking accounts is big money for gold sellers, so until people stop buying gold then more accounts will get hacked.  Sorry your account was hacked. 

  • MMOrUSMMOrUS Member Posts: 414

    Originally posted by sungodra

    but somebody has hacked into my wow account and I don't appreciate it.

     

    I haven't played this game in a while, I was told by my brother and his friends that somebody was running around on my toon, and they thought it was me but it wasn't.. This was months ago I didn't believe it, just yesterday or so I tried to log in after getting few messages , and the name on the account was changed aswell as the password and email.

     

    I am not too pleased, I never went to any site and put in my info , so I know it was through no fault of my own. Not sure how this even happened really. How do these people get your info if you are too smart for the phish attempts, hell I don't even use that email that much , when I do I just log in and check things to make sure the email does not go inactive for too long.

    I know how it feels to get hacked, it happened to my account and then my sons account, when authenticators became available we did the sensible thing and bought 1 each.

    You know the solution to your issue yet you won't take it.

    I also suspect Blizzard are not exactly in any hurry to purge or investigate suspicous activities on accounts that have been reactivated after being dormant for some time, it's in their interests to keep these accounts as they are still bringing in revenue, they aren't going to care if it's a goldseller/powerlvler playing your account, so long as the subscription is paid each month it makes very little difference to them who owns the account.

    As for my own hacking incident, well I knew I was to blame, I used a gold selling site, within the space of 1 week I was hacked, likewise with my son, I suspect those that are telling us "No we haven't done anything to allow a hacker into our accounts" aren't being all that honest, or are leaving out little bits of vital info, you don't just randomly get hacked, you make yourself a target by doing something you really shouldn't be doing.

     

     

  • Lille7Lille7 Member Posts: 301

    If you are using the same email adress for your wow account as you do for some forums, they can get access to it through them. Sites like this, mmo-champion, curse and others. I know that on mmo-champion some people are actually showing their email adress on the forums, because they didn't check the option to hide it.

    Now if they get your email adress, they can brute force the password.

    And that's just one way into your account. Lost my own account sometime during this winter ( not playing wow for over a year), and don't know how.

  • ThekandyThekandy Member Posts: 621

    Keyloggers, unless you're running linux chances are that you have them on your computer.

    Browser security holes, flash auto-storage, even some images. These can all net you a keylogger, and for all you homebanking MMO players, this is quite bad.

    How can you avoid them? Firefox with noscript and adblock installed, Google Chrome with the equivalent, virus scans at least once a week, malware scans ditto and get a good firewall.

    It's very unlikely that you got hacked, most likely you fell for a phishing email, gained a keylogger somehow or you gave your login to a "friend," you could have been bruteforced but that's a 0.001% chance, someone decrypting the blizzard login storage server how about no.

    Also last but not least, Blizzard made authenticators practically free for your browser-capable phone, use it.

  • abyss610abyss610 Member, Newbie CommonPosts: 1,131

    call it what you want but you hear about it ALOT more SINCE they added the authenticators. before that i knew 1 person that lost thier account, now i know atleast 10 that got "hacked" months AFTER they quit the game. always after they'd been gone for months just seems odd. i quit a long time ago, and when i saw they had made authenticators for ipod touches i got one logged into my account and added it but didn't sub. got it just as a measure, i don't see me going back again but who knows hell could freeze over.

  • seraphis79seraphis79 Member UncommonPosts: 312

    That sucks. 

    My brother had his account hacked and I noticed him log on one day when he was suposed to be working.  I sent him a message jackin' him about playing and not being at work and he didn't respond.  I figured, ok maybe he went afk to check on his son or something. 

    I messaged him a few minutes later.  Nothing back.  I did notice that he had changed zones though.  He was going from Wintergrasp to whatever those zones connecting to there are (I forget now...Icecrown? and one other).  I decided I would go check out what was going on in Wintergrasp since it wasn't supposed to take place for another hour or more. 

    I get there and I see he just swapped from one of those zones back to Wintergrasp so I had a general location.  By chance I came across his toon going from mining node to mining node on his griff.  I called him up on the phone and still no answer.  I submitted a report to a GM stating my brother's account has been hacked and the hacker is currently online with his location being . . . and all that good stuff. 

    They ended up wiping him and his guild bank out.   Blizz was ok about getting his toons that were deleted back, but as far as the gear and gold went they gave him some generic greens just to get him going.

    Not sure how they do it but they changed his authenticator number and password.

    Fortunately, I've never been in the same situation. 

  • AntariousAntarious Member UncommonPosts: 2,846

    Originally posted by Kyleran

    If you now or ever have used Add-in's to WOW (and how many people don't?)  then that is likely the place you picked up the keylogger. 

    Another issue is many people use the same user log in name and passwords for multiple games, so perhaps your ID info got jacked while logging into a different game.

     

    That is one possibility.   When I last played WoW it was with my girl friend.   We started playing toward the end of October 2010 totally fresh start etc   Anyway when Cata launched we hadn't had any issues.   In fact in having played MMO's since 1997 I've never had an account issue.   She woke me up one morning to tell me that one of my characters was logged in.

     

    I logged into the account page and none of the information had been changed.   So I changed the password and logged onto the account because I knew it would kick them off.   Not long after I get kicked off and one of my other characters is online again.. this after I changed the password.   So I decided the most obvious route was there was a keylogger somehow.. so I shut that computer down.

     

    I then moved to a system I had just built that only had a fresh install of Win 7 (with updates) and WoW with no add-on's.   We did use a paticular add on that we both downloaded (guild required) from curse.com.   However, her account never had any problems so that seems unlikely

     

    Anyway this "new computer" was also on my backup isp so it wasn't even networked with the others.   I logged into the account page again and changed the password again.   I log in again kicking the account intruder off and within moments I'm kicked and one of my characters is back on...

     

    Now at this point my point of view on "what was going on.. changed a bit" because at a certain point .. its just not possible for someone outside to have access to a machine that hasn't been anywhere but "windows update" and one other companies website(blizzard) for a digital download...

     

    Oddly enough when I used the little "my account was hacked" link and it reset the password the issues stopped.   I got the items back etc but we pretty much left the game over that.  *edit*  To be more clear when you use that "my account was hacked" it sends a link to your email.   So your account is locked until you click that link and reset the password.   I let it sit there for a while as I started to check the computers over.   The account was never accessed again from outside and has been inactive since our time in Dec ran out. 

     

    Since we left I have occasionally looked at the account pages for our accounts.. none of them have been accessed since we left.   There are a lot of things about the incident that bothered me:

     

    Login information was never changed and almost every person I've read who said they were hacked.. it had been changed.

     

    I know no one got my email information to gain access to the account.. because.. using the "forgot password" option automaticly makes you assign a new password.

     

    No keylogger was ever found... the third system I used (the newly built one) even after I changed the password from that.. someone was back on my account ..  I can assume that my main system could have been compromised but there is no way this computer could have been..

     

    and assuming that it had.. why did they never access the account again as I obviously never found any method that was used to gain access.

     

    Only a few of my characters had been stripped but they were mailing all the gold to one of my own characters.   That really made no sense as this was going on around 7am eastern... its a time you could expect someone to log in.. you don't change the password and all the gold you are trying to "steal" you are mailing to one of the characters on the account...  So obviously if you are "caught" you gained absolutely nothing because you are then locked away from the gold. 

     

    Anyway its the only account problem I have ever had..  and I don't honestly know who or how.. but I certainly can say it felt like an employee.   They can tell me how few people have access to your account information... but it wasn't long ago a major bank near here had employees arressted for selling customer account data.   I would certainly hope that a bank has at least as many employee safeguards as an MMO...

     

    Currently if the person who jacked the account emailed me.. I would give them the accounts because we'll never go back to WoW.

  • wildtalentwildtalent Member UncommonPosts: 380

    I've said it before and I will say it again.  I whole-heartedly believe that at least some of these account thefts are commited by people who work at Blizzard.  There is a lot of money to be made in the MMORPG black market business.

    image
  • SyllendaleSyllendale Member UncommonPosts: 162

    It hasnt happened to me yet (thank god) but I've had the numerous emails asking for crap. True, I havent played in years but still, I dont like to feel violated ya know? I'm sorry the OP has such an issue, as well as everyone else. Now here comes the fun part.....

    .. .Its a conspiracy man!!.. Cats infact DO love dogs! Justin Beiber is hiding Micheal Jackson in his garage! And, its Blizzard thats "hacking" your own accounts!, its a scheme to sell authenticators, rise up!!...  Oh sorry, **hands Elvis the newspaper**, forgot you were still here. ( hehe ) 

  • ThekandyThekandy Member Posts: 621

    Originally posted by wildtalent

    I've said it before and I will say it again.  I whole-heartedly believe that at least some of these account thefts are commited by people who work at Blizzard.  There is a lot of money to be made in the MMORPG black market business.

    I hope you're referring to corrupt employees because to state that Activision/Blizzard would sell login information to a third party is pretty paranoid at best and vicious slander at worst, do you have any idea how harmful such practices could be to them?

  • AntariousAntarious Member UncommonPosts: 2,846

    Originally posted by Thekandy

    Originally posted by wildtalent

    I've said it before and I will say it again.  I whole-heartedly believe that at least some of these account thefts are commited by people who work at Blizzard.  There is a lot of money to be made in the MMORPG black market business.

    I hope you're referring to corrupt employees because to state that Activision/Blizzard would sell login information to a third party is pretty paranoid at best and vicious slander at worst, do you have any idea how harmful such practices could be to them?

     

    I'd assume that line "people who work at blizzard" is meaning employees and has nothing to do with the actual company.

     

    I was a "smurf" in Ultima Online during the GM Darwin incident.. I had even worked with him on quite a few issues.   If you aren't familiar with that case.. it wasn't account theft.   There was no place to put new housing.. GM Darwin was using his GM tools to place buildings.. and was then listing them on ebay.

     

    OSI/EA certainly didn't endorse that practice.

  • IcewhiteIcewhite Member Posts: 6,403

    Originally posted by Lille7

    If you are using the same email adress for your wow account as you do for some forums, they can get access to it through them. Sites like this, mmo-champion, curse and others. I know that on mmo-champion some people are actually showing their email adress on the forums, because they didn't check the option to hide it.

    Guild forums often give away email addresses too.  So many of them are built on "free web hosting servers" that are not known for being terribly secure.

    Always have a junkmail-only email address handy for any nosy webform that demands you enter one.

    Self-pity imprisons us in the walls of our own self-absorption. The whole world shrinks down to the size of our problem, and the more we dwell on it, the smaller we are and the larger the problem seems to grow.

  • paroxysmparoxysm Member Posts: 437

    Originally posted by Lille7

    If you are using the same email adress for your wow account as you do for some forums, they can get access to it through them. Sites like this, mmo-champion, curse and others. I know that on mmo-champion some people are actually showing their email adress on the forums, because they didn't check the option to hide it.

    Now if they get your email adress, they can brute force the password.

    And that's just one way into your account. Lost my own account sometime during this winter ( not playing wow for over a year), and don't know how.

    While this is generally a good idea, it does not help with WoW.  I have a separate email for WoW that I have never used for anything else.  It also has a name@ that is not used by me in any other email I have.  Even though I stopped playing WoW and I still haven't used it for anything else, it still gets tons of spam and WoW phishing attempts.  Phishing attempts that I do not get to any other of my other email addresses.  It also got Rift phishing emails the moment it went live.  It gets more spam mail than any other email account I have.  Somewhere along the line, these email accounts are being leaked and specifically targeted. It's not on my end and I have never had someone access my account and I played from just before TBC to just before Cata.

    Forcing people to use an email account as their login name that is also their contact email is a pretty bad security issue.  How many people will not start an email account just for a game and not use it for anything else?  A lot, but not all.  As you said, a lot of people are not in the habit of hiding their email addresses or having a large amount of them for various reasons.  I've been in the habit for years.  I even got into the habit of using different forms of my name when I sign up for something from brick and mortar places.  That way when you get spam snail mail, they use the spelling they got from the person who sold you out.  I'm sure my mail person hates me, but it shows you that you can't trust damn near anyone with your information. Let alone online where you are even more of just a number.

  • sungodrasungodra Member Posts: 1,376

    Originally posted by Icewhite

    Originally posted by Lille7

    If you are using the same email adress for your wow account as you do for some forums, they can get access to it through them. Sites like this, mmo-champion, curse and others. I know that on mmo-champion some people are actually showing their email adress on the forums, because they didn't check the option to hide it.

    Guild forums often give away email addresses too.  So many of them are built on "free web hosting servers" that are not known for being terribly secure.

    Always have a junkmail-only email address handy for any nosy webform that demands you enter one.

     i dont really use that email for much of anything anymore.

    image


    "When it comes to GW2 any game is fair game"

  • WraithoneWraithone Member RarePosts: 3,806

    Originally posted by jmsgalla

    That sucks. 

    My brother had his account hacked and I noticed him log on one day when he was suposed to be working.  I sent him a message jackin' him about playing and not being at work and he didn't respond.  I figured, ok maybe he went afk to check on his son or something. 

    I messaged him a few minutes later.  Nothing back.  I did notice that he had changed zones though.  He was going from Wintergrasp to whatever those zones connecting to there are (I forget now...Icecrown? and one other).  I decided I would go check out what was going on in Wintergrasp since it wasn't supposed to take place for another hour or more. 

    I get there and I see he just swapped from one of those zones back to Wintergrasp so I had a general location.  By chance I came across his toon going from mining node to mining node on his griff.  I called him up on the phone and still no answer.  I submitted a report to a GM stating my brother's account has been hacked and the hacker is currently online with his location being . . . and all that good stuff. 

    They ended up wiping him and his guild bank out.   Blizz was ok about getting his toons that were deleted back, but as far as the gear and gold went they gave him some generic greens just to get him going.

    Not sure how they do it but they changed his authenticator number and password.

    Fortunately, I've never been in the same situation. 

     

    Likely social engineering. Defeating an authenticator is theoretically possible, but VERY rare and exceptional.  With most people, its likely a keylogger.  One possible way around an authenticator, is as I said, social engineering. Someone who gains access to just enough real information to be able to BS their way on the phone, through Blizzards system.  Employees are one of the single most vulnerable access points, into even a well secured system.  

    "If you can't kill it, don't make it mad."
  • pfloydguy84pfloydguy84 Member UncommonPosts: 149

    Hacking happens most with WoW because it's by far the most popular sub game, not because blizzard doenst care.You can buy an authenticator for 7 bucks and you get a free in game pet.Or you can get an authenticator for free from them if you have a mobile phone with internet.My account was hacked once before I had an authenticator, and it was very easy for me to get my account back AND ALL of my items and gold my character had and they even gave me free gold and heroic dungeon tokens (forget what they used to be called).

    I would say customer service is great for WoW, esp considering how huge the game is.They even have sticky threads in the forums that tell you what to do if you got hacked.

  • majimaji Member UncommonPosts: 2,091

    Played WoW for years and years since it's beta. Never had an authenticator. Never got hacked anyway. Because I know how to handle sensitive information.

    Let's play Fallen Earth (blind, 300 episodes)

    Let's play Guild Wars 2 (blind, 45 episodes)

  • TokyojoeTokyojoe Member Posts: 49

    I am a pirate who lives on a small island off the coast of Somalia. We also have Nigerians and Chinese here. Your base more belong us now.

    I may know the least here,but I am the loudest about what I do know.

  • futnatusfutnatus Member Posts: 193

    Huh, after so many people saying it happened to them just when they went off Wow for a while and no one had any access to their game information, except for Blizzard itself, it does feel like an inside job.  There's some creepy guy sitting at one of the possibly many user information database desks at Blizzard's place of operations and picking random names and selling them off to the highest bidders somewhere.

    How do I know?  Because why not.  He's(they are), most likely making more money than he(they) gets in wages.  It's all a massive conspiracy.

  • paroxysmparoxysm Member Posts: 437

    Originally posted by Wraithone

    Originally posted by jmsgalla

    That sucks. 

    My brother had his account hacked and I noticed him log on one day when he was suposed to be working.  I sent him a message jackin' him about playing and not being at work and he didn't respond.  I figured, ok maybe he went afk to check on his son or something. 

    I messaged him a few minutes later.  Nothing back.  I did notice that he had changed zones though.  He was going from Wintergrasp to whatever those zones connecting to there are (I forget now...Icecrown? and one other).  I decided I would go check out what was going on in Wintergrasp since it wasn't supposed to take place for another hour or more. 

    I get there and I see he just swapped from one of those zones back to Wintergrasp so I had a general location.  By chance I came across his toon going from mining node to mining node on his griff.  I called him up on the phone and still no answer.  I submitted a report to a GM stating my brother's account has been hacked and the hacker is currently online with his location being . . . and all that good stuff. 

    They ended up wiping him and his guild bank out.   Blizz was ok about getting his toons that were deleted back, but as far as the gear and gold went they gave him some generic greens just to get him going.

    Not sure how they do it but they changed his authenticator number and password.

    Fortunately, I've never been in the same situation. 

     

    Likely social engineering. Defeating an authenticator is theoretically possible, but VERY rare and exceptional.  With most people, its likely a keylogger.  One possible way around an authenticalor, is as I said, social engineering. Someone who gains access to just enough real information to be able to BS their way on the phone, through Blizzards system.  Employees are one of the single most vulnerable access points, into even a well secured system.  

    Authenticators could be defeated with a "man in the middle" attack.  With some dll hijacking similar to what a lot of fake virus/malware scanners are doing, a person could get into your account.  Basically, they'd get you to get the authenticator code and prevent your WoW client from actually connecting while they use that code to log into your account.  It's already happened and has been talked about quite a bit.  It's just less common because it's a lot more time sensitive. 

    Security is about layers and good practices.  You can never count on any one thing to keep you safe.

  • alakramalakram Member UncommonPosts: 2,301

    I never got my WoW account hacked.

    I dont play WoW, never played it, problem solved.

    image



  • paroxysmparoxysm Member Posts: 437

    Originally posted by pfloydguy84

    Hacking happens most with WoW because it's by far the most popular sub game, not because blizzard doenst care.You can buy an authenticator for 7 bucks and you get a free in game pet.Or you can get an authenticator for free from them if you have a mobile phone with internet.My account was hacked once before I had an authenticator, and it was very easy for me to get my account back AND ALL of my items and gold my character had and they even gave me free gold and heroic dungeon tokens (forget what they used to be called).

    I would say customer service is great for WoW, esp considering how huge the game is.They even have sticky threads in the forums that tell you what to do if you got hacked.

    While I agree that popularity is a big reason why WoW is targeted, their customer service and forums moderation is not adequate or professional acting the majority of the time.  That popularity isn't the real problem though.  The problem is that people continue to pay real money for that stolen gold/items.  If people didn't buy, it wouldn't be worth it for them to farm and steal.  Supply/Demand.

     

    Also, as I said above, authenticators are not fool proof.  People need to take better care of their own systems.  They need to take responsibility for their account security as well.  No one can help you if your system is compromised.  It will just happen again.

  • WraithoneWraithone Member RarePosts: 3,806

    Originally posted by paroxysm

    Originally posted by Wraithone


    Originally posted by jmsgalla

    That sucks. 

    My brother had his account hacked and I noticed him log on one day when he was suposed to be working.  I sent him a message jackin' him about playing and not being at work and he didn't respond.  I figured, ok maybe he went afk to check on his son or something. 

    I messaged him a few minutes later.  Nothing back.  I did notice that he had changed zones though.  He was going from Wintergrasp to whatever those zones connecting to there are (I forget now...Icecrown? and one other).  I decided I would go check out what was going on in Wintergrasp since it wasn't supposed to take place for another hour or more. 

    I get there and I see he just swapped from one of those zones back to Wintergrasp so I had a general location.  By chance I came across his toon going from mining node to mining node on his griff.  I called him up on the phone and still no answer.  I submitted a report to a GM stating my brother's account has been hacked and the hacker is currently online with his location being . . . and all that good stuff. 

    They ended up wiping him and his guild bank out.   Blizz was ok about getting his toons that were deleted back, but as far as the gear and gold went they gave him some generic greens just to get him going.

    Not sure how they do it but they changed his authenticator number and password.

    Fortunately, I've never been in the same situation. 

     

    Likely social engineering. Defeating an authenticator is theoretically possible, but VERY rare and exceptional.  With most people, its likely a keylogger.  One possible way around an authenticalor, is as I said, social engineering. Someone who gains access to just enough real information to be able to BS their way on the phone, through Blizzards system.  Employees are one of the single most vulnerable access points, into even a well secured system.  

    Authenticators could be defeated with a "man in the middle" attack.  With some dll hijacking similar to what a lot of fake virus/malware scanners are doing, a person could get into your account.  Basically, they'd get you to get the authenticator code and prevent your WoW client from actually connecting while they use that code to log into your account.  It's already happened and has been talked about quite a bit.  It's just less common because it's a lot more time sensitive. 

    Security is about layers and good practices.  You can never count on any one thing to keep you safe.

     

    I know. Thats why I said it was theoretically possible.  ^^ But creation of such takes very specialized skills, and knowlege thats rather beyond the vast majority of those who traffic in such things. The rumor is that the Russian mafia is involved in that. If so, they would have (or be able to purchase) the skills and knowledge required.  But until more is known, its all speculation.  In the over whelming majority of cases, its a keylogger. 

    "If you can't kill it, don't make it mad."
Sign In or Register to comment.