Breakfast Topic: Hacked
by Amanda Dean 
Feb 15th 2008 at 8:00AM
My first post on WoW Insider was about a friend of mine being hacked, this time it's about me. I woke yesterday and tried to copy a character over to the public test realm as I've been doing often lately. I got a password error. I tried to log into my account- same thing. My email had this happy little surprise for me:
Hello Amanda,
The character transfers listed below have been completed as of 2/14/2008. The character[s] listed will now appear in the new location and/or account selected and are immediately available for play!
- <character> - Level 70 Tauren Shaman - now on realm: Blade's Edge.
I recovered my password and logged into my account. Of course all of the bags on my characters were empty. I found my shaman logged into Shadow Labyrinth on a different realm with 38 minutes left on her Hearthstone cooldown. I'm very happy that although nearly-naked, my Paladin is still wielding her Lionheart Blade. My poor, dear Shaman is currently wasting away on a PvE realm. (Oh why couldn't they have moved the Pally instead?)
I'm careful with my account. I don't share my password. I don't even use AddOns. I do visit many WoW-related sites to find out the latest, greatest info for WoW Insider. I'm not sure where the keyloggercame from, but it slipped past my anti-virus measures. I found the customer service representatives to be rather curt and unhelpful. I was told that I will hear something about my account in the next week or two.
For those of you who have experienced this before, what was your experience like in retrieving your characters? Did anyone have PvP to PvE transfers reversed or refused? Did you feel as angry and violated as I do right now?
Filed under: Odds and ends, Blizzard, Breakfast Topics
Reader Comments (Page 1 of 8)
Eric J Feb 15th 2008 8:07AM
Angry an violated, yes.. Fortunately those who got my account only were able to created new toons, and tunnel money through them. I didn't lose too much, but that's just not the point.
Ironhide Feb 15th 2008 10:05AM
I work in IT Security and my suggestions are Firefox with "NoScript" installed. Almost all of the keyloggers will come from visting sites with 0 pixel IFRAMES or just the general malcious javascript. Install Firefox and NoScript and then selectively enable Javascript on sites you trust.
Generally these loggers are installed by a call to javascript to a site that is different from the one your using, so after you have NoScript take a look at the little NoScript icon down the bottom right and see what sites are requesting to run script. I only usually enable (and then only temporarily) the site I am visting, or sites I know about (like youtube for example to see movies).
Its still possible for hackers to compromise a site itself and put the javascript files on the main site but its alot harder than just pulling their script from their own site.
I honestly think part of the issue here is that its becoming harder for farmers perhaps to make gold and so a good way to make some is to hack accounts and liquidate the accounts items. Or use the char in SL for what ever that is. Its alot cheaper than continually having to buy/register new accounts to farm.
Devant Feb 18th 2008 10:22PM
A good thing to use is a program like SnoopFree Privacy shield. It is a free program the actively monitors your computer for activity like screen reading and keyboard hooking and deny access. You can find a series of good free programs to choose from here:
http://www.raymond.cc/blog/archives/2007/09/20/how-to-beat-keyloggers-to-protect-your-identity/
I personally use SnoopFree myself and highly recommend it.
jbodar Feb 15th 2008 6:13PM
Excellent post, Ironhide.
I'd also recommend password utilities like KeePass and Keyscrambler.
heartless_ Feb 15th 2008 8:23AM
Sorry to hear about this, we don't need to lose any more Shamans! I would double check your various UI mods and make sure you didn't get a tainted one. Had a friend use a secondary UI website when Curse was down and he got hit with a keylogger that didn't get picked up through his AVG anti-virus. Fortunately, ClamAV caught it after the fact and last I heard his account was fine with a new password.
It sucks, but WoW is a hot target for cyber criminals.
Ekimus Feb 15th 2008 8:34AM
I just thought of a decent aggressive strategy for protecting yourself from KeyLoggers.
As noted above, play the password changing game. However, change your WoW password from a different computer than where you have WoW installed.
Do this as often as you can, and hopefully it will help thwart KeyLoggers.
Iamnotalie Feb 15th 2008 4:33PM
@Ekimus
Somehow I doubt repeatedly entering a password on different computers that you aren't responsible for securing would help security.
Ekimus Feb 15th 2008 8:12AM
I know one of our guildies was hacked a while ago. I'm not sure if they ever got their stuff...
Personally, I would backtrack your steps and see where you might have run into a virus/key logger. MySpace? Facebook? Maybe even a sneaky add here on the Webblog Inc. network.
Also possible that it was just a blind script kiddie's virus scanning a bunch of computers and installing the KeyLogger.
I wonder if these keyloggers/viruses are being ignored by the Anti-Virus vendors since they effect a relatively small portion of the web.
Ekimus Feb 15th 2008 8:14AM
As a side note, I've been tempted to play the password-rotation game. So that in the off chance I do get a KeyLogger, I may have rotated to a new password by then.
Sakerin Feb 15th 2008 8:25AM
Myspace/Facebook are very possibly where these came from, however they could have come from anywhere. Most of these hide in ads and auto-install if using IE on the default settings as most people do. To protect myself I make sure to keep my hardware and software firewalls properly configured, keep my updates current on all software, and run Firefox with Adblock (pretty aggressively configured).
Mike Feb 15th 2008 8:14AM
Switch to Firefox, use NoScript to disable JavaScript .. I had already three "regular" wow sites that tried to install funny stuff on my pc that was stopped by NoScript. And update Windows regulary ..
Mike
Ekimus Feb 15th 2008 8:18AM
Not a bad call. I would install that and disable JavaScripts on the big WoW sites. Also use the AddBlock Plus addon.
FireFox,or even Opera, is a must. I slipstream FirFox onto every Windows Install we do for our company. You shouldn't surf without it!
(p.s I actually disable ABP on sites I read regularly, it's only fair :-) )
Keiji Feb 15th 2008 8:16AM
Gee.. that's sad. A friend of mine was hacked about 2 months ago and all raped too. 70 pally, warrior and lock. Somehow they didnt touch her 39 priest. And worse they logged on the hunter of another server and respeced reeeeeeeeal bad. Fortunately blizz checked and restored all the sold items/equips. No transfer thou.
Simon Feb 15th 2008 8:17AM
I've had my account hacked twice. But this was when I was playing the game on the family PC, which my dad uses, needless to say, he's a bit of a noob when it comes to computers. Luckily I bought my own computer and all is fine now!
Both times a character was moved from my original server to another one. However, after closing my account for what seemed like an eternity (a week max) they replied with a little email and REVERSED the transfers! I was rather happy.
Unfortunately, I didn't get my gold back. I did get 12g back which, while not preferred, did help in my road to recovery. My guild helped loads. Shout out to Prime on EU-Dragonblight!
The hacker had also left me a nice present though!
Galipan Feb 15th 2008 8:19AM
The main tank of my guild was hacked a couple of months ago. He emptied our guild bank (he had class leader status, therefore full access) and lost all of his T5, SSC and TK epix. We spent 4 weeks gearing up our off-tank because we couldn't advance without this. It's very frustrating, even when you are not the effected one directly. This definitely effected the whole guild, and slowed us down like you could never imagine.
Deji Feb 15th 2008 8:17AM
You should be able to get things restored but it will take a while.I'm not so sure about the transfer, I don't see why not given thecircumstances. (im curious was it a pay transfer or a free one?)
A friend of mine got their account hacked recently luckily theydidn't loose much as someone noticed their character being logged in, but it did take between 2-3 weeks (approx) before blizzard returned access to the account.
I would say someone commented previously about Blizzard having real issues with restoring characters who have been transfered with the correct gear (using old backups resulting in missing items etc.)
Good luck and keep us updated :)
Gokex Feb 15th 2008 8:18AM
just gotta step up and not take the customer services lame unhelpful replies. Call again, hassle them.. make them transfer your toon back with all the gear.
It WILL take a few days, they usually do.. someones gotta "investigate" the claim, but they're usually good about restoring items lost. Start making a list now, while it's still fresh.. cause they're going to want one :P
Frank Feb 15th 2008 9:43AM
Blizz really needs to step up and put in better measures to prevent this- it's happening way too much lately. And for anyone out there buying gold- you are a huge part of why this happens.
nav Feb 15th 2008 10:04AM
Can you suggest any better measures Frank? They can't reengineer your webbrowser and OS to make them safer, and they're a games company not a security company and I'd prefer they invest their resources writing games not antivirus software. What practical measures do you think they could put in place that they don't have in already?
Ahoni Feb 15th 2008 10:53AM
What is Blizzard supposed to do? They don't control YOUR computer, you do.
Microsoft wrote the bloody OS, and THEY can't secure it. WTF is Blizz gonna do?
Amanda says in the article that she does not use Add-Ons. I would love to find out where THIS keylogger comes from. Anytime you hear about someone getting hacked a lot of the blame is focused on the Add-Ons. Since we have a case here with someone who says they don't use any add-ons, we can't use that excuse.
One of the big culprits, I suspect, is online advertising. The advertising world is a murky one, with multiple partnerships, reselling agreements and add pools making it difficult to determine exactly where an ad came from. It would be easier for the bad guys to slip a compromised banner ad into the network and have it legitimately displayed on a website than to hack said website.