Oh Noes!!!1!1!1one: I've been hax0red!
by Amanda Dean 
Feb 5th 2008 at 5:30PM
On Saturday night I noticed a guildie acting strangely. He kept switching between characters and wouldn't respond to tells from even his closest friends in the guild. Concerned about him, we gave him a call... on the phone, to see what was up. You guessed it, he was nowhere near his computer at the time. He went to log in and found his password was changed. Unfortunately, he had also forgotten the correct response to his secret question "What is your favorite activity?" The hacker kept running in and out of the Shadow Labyrinth. I checked the customer service forums and found that this was common behavior among hackers. Either there is an exploit in that instance, or hackers just really enjoy hanging out with Blackheart the Inciter. I'm leaning toward the latter.
I also found that I was not able to seek help in this matter, that a game master would only take action for the owner of the account sending a message from the (compromised) account. I did the only thing I could do: I called the guild master and asked him to kick the hacked player from the guild. (Note to self: calling the GM at 2AM is a bad thing.) Interestingly enough, the only things ninja'ed from the guild bank were of little value like stacks of uncut Golden Draenite and Netherweave Cloth. Two days, and an exhaustive list of humorous yet largely unhelpful, suggestions later, he's got his account back with a nerfed rogue, a naked shaman, and a massive list of blue-quality items on the auction house.
Of course the question arises, how did the hacker get a hold of this guy's account info in the first place. We suspect that since his home computer was indisposed, he was likely keylogged while using a local LAN center to get his WoW fix. Lesson learned and computer fixed. If you do have to play on a foreign computer, you might want to consider copying and pasting your username and password so that there is no chance for this information to be keylogged. Vrakthris posted a guide to what happens in the recovery of a compromised account on the customer service forums.
Eyonix has recently posted a reminder about account security in the official forums. The post indicates that players should always use the Blizzard launcher to start the program and to maintain updated operated systems. Eyonix asks users report suspicious links or programs.You and I can learn take away two important bits of information from this experience. First, if a guildie begins acting in a suspect manner, especially if it involves S-labs, it's probably best to contact them outside of game as quickly as possible. Also, it's definitely advisable to choose something a little less ambiguous for your secret question than "what is your favorite activity?"
EDIT: Added Blizzard's suggestions for account security.
Filed under: Analysis / Opinion, Odds and ends, WoW Rookie, Forums
Reader Comments (Page 1 of 6)
Milktub Feb 5th 2008 5:38PM
I hear theres a Black Market in the SLabs run by Blackheart. He buys stolen goods, tax free.
Turoc Feb 5th 2008 5:39PM
Didn't you know? A tunnel to the black market is being built under Shadow Labyrinth
JPN Feb 5th 2008 5:40PM
what kind of exploit would there be in slabs to do anything cool?
Chris Heald Feb 5th 2008 5:41PM
copy/pasting won't do you any good if the computer is infected with one of the WoW-targeted keyloggers. The most recent crop just watches the memory space in the WoW executable that stores your password, and sends it off when ti changes. You could paste it in, enter it via hand guestures, or any number of other things and it'd still pick it off accurately.
jrb Feb 6th 2008 4:28AM
that wouldn't work on vista.
nav Feb 6th 2008 8:09AM
That might not, but can the keylogger still access the clipboard contents? If so, same result.
nav Feb 6th 2008 8:08AM
That might not, but can the keylogger still access the clipboard contents? If so, same result.
Makros Feb 6th 2008 10:37AM
@jrb
Does anything work on Vista?!?
peaglemancer Feb 5th 2008 5:42PM
The lesson here is never leave your house - for any reason.
Yves Feb 5th 2008 5:45PM
My guess would be that he used the compromised account to use a teleportation hack to open chests, leave, reset and repeat.
Slave pens and Steamvaults are often used instances for the same kind of abuse of hacked accounts as well.
On topic, it defiantly makes me a little bit more worried that i actually logged on a few of the "less technology educated" friends of mine, to show off characters with in the last few days.
Always thought i was too cleaver to be vulnerable for any kind of password stealing *crossing my fingers*
Shadowisp Feb 6th 2008 12:02AM
Teleportation hack is the correct assumption, especially if it was your friends rogue being used.
Explains the Blues on the AH too. Chest Loot.
Eternalpayn Feb 5th 2008 5:46PM
A guildie of mine actually just had this happen to them. They got their question right, got their account back, and found all their gold gone. However, they had 20 stacks of every Primal thing there is.
Mike Feb 5th 2008 6:05PM
I had something similar happen to me. I assumed I interrupted them in the middle of dumping my stuff since some of my character were completely naked with empty inventory, and others were untouched (one with close to 1000G). I scanned my computer multiple times with at least 3 different checkers, and all came up clean. I'm still trying to figure out how my account got compromised. Everybody that knows me was shocked too. My wife calls me "tin-foil-hat-paranoid", but apparently I wasn't paranoid enough at least one time.
lucifer.cross Feb 7th 2008 9:17AM
/agree
This has happened to not one, but two guildies recently. Seperate occasions, mind you, but even still. And one of them is a total tech geek who's smart enough to run virus scans, and the like regularly. But he still got hacked. Something fishy going on lately.
Darkwarder Feb 5th 2008 5:54PM
I'm not quite sure, but running into an instance has something to do with making some of the things unrecoverable. The hacker may have sold off as much stuff as they could and transferred the gold, but in this example they are also being malicious.
Philip Feb 5th 2008 5:55PM
I've seen this happen to people I know, too. I find that this always happens to people that fall under 1 of two categories: 1) computer illiterate (or not so literate) add-on junkies. Or 2) people that share their login with others.
Number 2 seems to be quite a common one. Nobody thinks their friend(s) will ever hack their account. And to be honest, they probably would never. However, that doesn't say they could get a keylogger installed onto their system, completely exposing your info when they login.
But there are other factors, too, such as using the same name / password on other forums (bad bad idea). And just telling trade channel your login info. Hey, who said all players were intelligent?
Nogun Feb 5th 2008 6:02PM
"The hacker kept running in and out of the Shadow Labyrinth."
Saw the same with 2 guildies that got hacked, all gear returned after 3 weeks but neither got their gold back.
briker Feb 5th 2008 6:11PM
We had similar behavior from a guildie last week. Logging onto alts, not responding to anyone's tells, not coming to raid, and eventually, a "Player not found" message on guild and friends list. By all indications, a compromised account. However, after much drama (raid cancelled, everyone changing account info, forum logins, in case the forums had been compromised), he popped up on the forums saying he had (ninja) transferred to the new Ghostlands server. Quite a few bad feelings on that one....
briker Feb 5th 2008 6:12PM
A guildie came on and said his accounts (7!!! of them) had been hacked. He has 10 lvl 70 alts. 54,000!!!! gold. Gone. We all died a little inside. However, Blizzard was able to restore his characters and items, but not his gold. He has since decided to take a little break from the game. Too much intensity.
Scoottie Feb 5th 2008 6:17PM
Only your Gm can kick people? That's a little strange and restrictive.