Oh Noes!!!1!1!1one: I've been hax0red!

by Amanda Dean Feb 5th 2008 at 5:30PM

On Saturday night I noticed a guildie acting strangely. He kept switching between characters and wouldn't respond to tells from even his closest friends in the guild. Concerned about him, we gave him a call... on the phone, to see what was up. You guessed it, he was nowhere near his computer at the time. He went to log in and found his password was changed. Unfortunately, he had also forgotten the correct response to his secret question "What is your favorite activity?"

The hacker kept running in and out of the Shadow Labyrinth. I checked the customer service forums and found that this was common behavior among hackers. Either there is an exploit in that instance, or hackers just really enjoy hanging out with Blackheart the Inciter. I'm leaning toward the latter.

I also found that I was not able to seek help in this matter, that a game master would only take action for the owner of the account sending a message from the (compromised) account. I did the only thing I could do: I called the guild master and asked him to kick the hacked player from the guild. (Note to self: calling the GM at 2AM is a bad thing.) Interestingly enough, the only things ninja'ed from the guild bank were of little value like stacks of uncut Golden Draenite and Netherweave Cloth. Two days, and an exhaustive list of humorous yet largely unhelpful, suggestions later, he's got his account back with a nerfed rogue, a naked shaman, and a massive list of blue-quality items on the auction house.

Of course the question arises, how did the hacker get a hold of this guy's account info in the first place. We suspect that since his home computer was indisposed, he was likely keylogged while using a local LAN center to get his WoW fix. Lesson learned and computer fixed. If you do have to play on a foreign computer, you might want to consider copying and pasting your username and password so that there is no chance for this information to be keylogged. Vrakthris posted a guide to what happens in the recovery of a compromised account on the customer service forums.

Eyonix has recently posted a reminder about account security in the official forums. The post indicates that players should always use the Blizzard launcher to start the program and to maintain updated operated systems. Eyonix asks users report suspicious links or programs.

You and I can learn take away two important bits of information from this experience. First, if a guildie begins acting in a suspect manner, especially if it involves S-labs, it's probably best to contact them outside of game as quickly as possible. Also, it's definitely advisable to choose something a little less ambiguous for your secret question than "what is your favorite activity?"

EDIT: Added Blizzard's suggestions for account security.

Tags: account, customer-service, exploit, game-master, hack, hacker, keylogged, keylogger, password, shadow-labrynth, Shadow-Labyrinth

Filed under: Analysis / Opinion, Odds and ends, WoW Rookie, Forums

Reader Comments (Page 3 of 6)

darian Feb 5th 2008 7:02PM

I have the reverse experience. Most of my Mac friends are very computer literate, most of my PC friends live by Mr. Burns' method of hoping all the viruses will balance out.

Anecdote vs Anecdote. Who will survive?

p-diddy Feb 5th 2008 7:03PM

wow. Stereotype much?

p-diddy Feb 5th 2008 7:06PM

my response was to the OP, btw.

Charlie Taylor Feb 5th 2008 10:35PM

Wow...

Please, if you can, describe the innermost workings of a Bayer-pattern CMOS sensor. Ok, now compare/contrast the benefits and disadvantages to a CCD.

Not computer related? Ok, I'll give you that. Can you build/rebuild any computer on the market (I can't, but I'm willing to try). Now tell me the difference of USB, USB 2.0, USB 3.0, Firewire 400, Firewire 800, and Firewire 3200. What are the differences between the RISC and SISC platforms, and which respective architectures are they commonly associated with? What does DDR stand for in relation to computers? (hint: it's not Dance Dance Revolution).

How about recent technology news? Can you name the CEO of the company that is producing the OLPC, and what former partner of that company is now producing a competitor called the Classmate? How many transistor's does Intel's newly revealed Tukwila chipset contain?

As for general knowledge. What is the first name of the man who wrote the 'Beardsley Bible' which is famous in the insurance and actuarial industries. (ok, unfair question, the man is my grandfather)

So to put it in terms you understand..

STFU!!!!!!!!!!!!!!!!!!!

Suzaku Feb 5th 2008 6:56PM

I got my account hacked a while back, 2006, I think, back when there was that massive outbreak of keyloggers, and specifically keyloggers contained in banner ads on a specific prominent WoW website.

Pretty nightmarish. You finally log in to find your hard work flushed down the toilet, characters naked, bags empty, and the only thing you can do about it results in a lengthy investigation process which requires the faxing of personal information to Blizzard.

Not fun.

I'm curious if hackers could be hacking passwords from guild forums? A lot of forum software is easier to hack than, say, WoW, and if someone uses the same password or usernames for everything, it's just a matter of trying them all out.

Apart from that, use Firefox (or anything apart from IE), get a decent firewall and/or security suite, check "remember account name" so you don't have to enter it manually, and don't go into any non-established WoW websites.

fortchuck Feb 5th 2008 7:04PM

I was hacked about two weeks ago.

I was checking my personal e-mail at work and had an e-mail from Blizzard saying that I had requested an password change. Since I had not requested a change, I then went and changed my password from work. I forwarded the e-mail to Blizzard to advise them of the situation.

About three days later, I get an e-mail from Blizzard saying my account has been suspended for 3 days for TOS violation(s). I again forwarded the e-mail I had sent to Blizzard to show that I was the one who told it about the problem. My account was reinstanted the next day.

Bodlar Feb 5th 2008 7:04PM

This same thing happened recently to a friend of mine. I sure hope your friend gets all their items back.

matt Feb 5th 2008 7:05PM

Damn, has there been a spike in hacked accounts, or am I just hearing about it more?

Just had 2 guildies get hacked. One had AV software, anti-spyware software, used a unique password for his WoW account.... I dunno, maybe he still got a keylogger from the forums. I know I've stopped using the official forums.

Corrodias Feb 5th 2008 7:05PM

Another common aspect of some of these is that the players with comprimised accounts are using an automatic addon updater from wowui.incgamers.com called "UI Central", or something like that. Their servers have been comprimised a few times and trojans inserted into that program. I don't have any reason to believe that the owners of the site are actually intentionally causing the issue, but nonetheless it is a problem and you should definitely not use the program until we're CERTAIN it won't happen again.

keltian Feb 5th 2008 8:11PM

Funny you should mention that. A few months ago when UI Central came out I had installed it on my machine just to try it out, as soon as I had launched the executable to install it my anti virus ( can't remember what it was) alerted me that i had just activated a key logger and it was able to catch it in the act and quarantine it, I then went and scanned my whole machine and found nothing on it after, oh and i promptly canceled the instillation of UI central. I have to say I was really lucky in that incident.

Slowburn Feb 5th 2008 7:22PM

I don't want to necessarily blame it on a specific site, but I'd like to advise everyone that in the last 2 days, while listening to podcasts on a very popular wow podcast site, I have had 2 trojans blocked by Antivir. The first time I thought it was a fluke, but after the second time I will never go back to that site. Good shows, but I'm not risking it. Again, don't want to blame the site since maybe they are unaware of it, but has anyone else had this issue?

TheFlameCrow Feb 5th 2008 8:12PM

Wouldn't hurt to name the site IMO

Verified Insanity Feb 5th 2008 9:43PM

Which one? Or more to the point, is it the one that the WoW insider podcast is on?

Another tip:
Always notify the Webmaster of the site, or if you can't find who it is, and the site's spewing trojans, the ISP would be glad to know too. It benefits the Webmaster because they may be able to save themselfs a job, or at least a reputation. The ISP would be glad too, because they save lots of bandwidth if the site's even mildly popular.

-Verified Insanity

Slowburn Feb 5th 2008 9:01PM

Yes the same one affiliated with Wow Insider. To be honest I'm a I'm not sure who I should be contacting about this issue. I'd like to let them know, but don't know who to tell lol.

Verified Insanity Feb 5th 2008 9:46PM

Oh my.

Another question!
What Antivirus? Are you sure it wasn't a cookie blocked?

Either way, I'm going to check it out.

Verified Insanity Feb 5th 2008 9:53PM

Holy s*it!

http://www.siteadvisor.com/sites/wcradio.com
tells all. Good site. It's gotten hacked three or so times now.

I'm never going back.

I've downloaded the iTunes Live stream... I'm gunna go scan some stuff now.
And file a complaint to Weblogs, Inc. if I get around to it.

WoWinsider: Using an insecure Podcast hoster is NOT COOL.

And this article is IRONIC. Your friend may have gotten hacked because he checked out a PODCAST FROM YOUR SITE.

/rantover
-Verified Insanity

Slowburn Feb 6th 2008 2:36AM

Heh, guess you don't need my answer now anyway lol. Antivir was the program that picked it up for me both times, excellent program. I would have written down all the details (which 'strain' or whatever, for example), but obviously I didn't know the very next day it would be so relevant. Damn. Scary stuff when you can't even listen to podcasts about something you enjoy so much...

Vik Feb 11th 2008 5:05PM

I recently had a trojan on an old video program; in addition something wrong with my "immunity clock" add on. I had to completely reinstall Wow without add ons.

Hi Feb 5th 2008 7:45PM

"you might want to consider copying and pasting your username and password so that there is no chance for this information to be keylogged"

Please DO NOT LISTEN TO THIS TIP.

This is very untrue and it is very easy to read from clipboard. Any keylogger made by someone who has a clue will not be fooled by copy/paste.

Tech Feb 5th 2008 7:35PM

time to change my password....

Previous 20 Comments | 1 | 2 | 3 | 4 | 5 | Most Recent | Next 20 Comments

Breaking news Feed

WoW Insider Show

Subscribe via iTunes for our latest show.

Hot Topics

Upcoming Events

Event	Date
Call to Arms: Isle of Conquest	5/14 - 5/16
Call to Arms: Alterac Valley	5/17 - 5/20
Call to Arms: The Battle for Gilneas	5/21 - 5/23
Call to Arms: Warsong Gulch	5/24 - 5/27
Call to Arms: Twin Peaks	5/28 - 5/30
Call to Arms: Strand of the Ancients	5/31 - 6/3
Darkmoon Faire	6/2 - 6/9
Call to Arms: Silvershard Mines	6/4 - 6/6
Call to Arms: Temple of Kotmogu	6/11 - 6/13
Call to Arms: Arathi Basin	6/18 - 6/20
Midsummer Fire Festival	6/21 - 7/5
Call to Arms: Eye of the Storm	6/25 - 6/27