Patch 5.2 interview with Dave Kosak
Inside an old alt's vault
The latest patch 5.2 news
All of the latest Mists of Pandaria newsBreakfast Topic: Hacked
by Amanda Dean 
Feb 15th 2008 at 8:00AM
My first post on WoW Insider was about a friend of mine being hacked, this time it's about me. I woke yesterday and tried to copy a character over to the public test realm as I've been doing often lately. I got a password error. I tried to log into my account- same thing. My email had this happy little surprise for me:
Hello Amanda,
The character transfers listed below have been completed as of 2/14/2008. The character[s] listed will now appear in the new location and/or account selected and are immediately available for play!
- <character> - Level 70 Tauren Shaman - now on realm: Blade's Edge.
I recovered my password and logged into my account. Of course all of the bags on my characters were empty. I found my shaman logged into Shadow Labyrinth on a different realm with 38 minutes left on her Hearthstone cooldown. I'm very happy that although nearly-naked, my Paladin is still wielding her Lionheart Blade. My poor, dear Shaman is currently wasting away on a PvE realm. (Oh why couldn't they have moved the Pally instead?)
I'm careful with my account. I don't share my password. I don't even use AddOns. I do visit many WoW-related sites to find out the latest, greatest info for WoW Insider. I'm not sure where the keyloggercame from, but it slipped past my anti-virus measures. I found the customer service representatives to be rather curt and unhelpful. I was told that I will hear something about my account in the next week or two.
For those of you who have experienced this before, what was your experience like in retrieving your characters? Did anyone have PvP to PvE transfers reversed or refused? Did you feel as angry and violated as I do right now?
Filed under: Odds and ends, Blizzard, Breakfast Topics
Reader Comments (Page 4 of 8)
Auralez Feb 15th 2008 9:18AM
I'm sorry to hear that :(
2kings Feb 15th 2008 5:31PM
I got hacked the day before Christmas but i got every thing back shortly after the new year
thankfully i never got transfered
but they made a alt and had a bunch of BOE blues and LOTS of potions on the ah
i got all that
but hardly made up for what i lost
blizz gave my stuff back some of the gold and another 350(to 2 toons) for my troubles
Morten Feb 15th 2008 11:50AM
I was hacked about 18 months ago. Took all the gear of my main and several alts, but they didn't do anything else (this was before the time when you could transfer characters). And just to make things worse, my already rocky guild started falling apart after this, since as the main tank I was out of commission for over a week, with no one else capable of taking my place.
Ever since then I have gotten quite paranoid about this. Now I change my password once a week, run virus scans twice a week (and I really hope that there arnt any viruses that are able to sneak through). I use Firefox with no-scrip and ad-block add-ons, in addition to several other things. My biggest fear about this is since I have access to the guild bank, if a hacker gets in it will effect not only me, but my guild-mates as well.
Curse these people. I hope there is a special place in hell for them...... :)
biglou Feb 15th 2008 9:20AM
Not only did I have my acct hacked and lvl 70 toon transferred, the hacker cancelled the transaction and I got a nasty gram which stated "This email is to inform you that there has been a payment dispute filed
against xxxxxxxxx for a recent paid character transfer. As a
result, the character for which the payment was disputed has been
temporarily disabled." OBTW, this happened on a friday night at about 10:00pm so of course there is no live support until Monday.
Molly Feb 15th 2008 9:30AM
I've been hacked before, and honestly, the best precaution to take is to never type your password into any of the blizzard web sites or the game. Copy and paste it from a secured notepad program. I use LockNote which encrypts and password protects your anything your write in it. And, I just paste my password in whenever I need to log in. So, if I ever get a keylogger again, ctrl-v are the only keystrokes it'll record.
LockNote's site:
https://www.steganos.com/us/products/home-office/locknote/overview/
Ahoni Feb 15th 2008 9:42AM
Some keyloggers can record everything put in the Clipboard.
Don't rely on copy/paste to defeat them. It doesn't hurt, but its not foolproof.
nav Feb 15th 2008 9:44AM
What makes you think that a keylogger won't simply capture the contents of the clipboard everytime it sees a paste keystroke?
Please don't rely on the above advice. Rely on not getting malware on your computer. Once you lose control of your computer, it's game over.
theRaptor Feb 15th 2008 9:44AM
Sorry but it is trivial for malicious software to scrape the Windows clipboard. The general rule in computer security is that if they are already inside then they can do whatever they want (even on Linux or Mac).
Mordermi Feb 15th 2008 9:37AM
I was hacked about 18 months ago. Logged in to find my 5 highest toons stripped of gold/silver and all the purples/blues sold from my main. Took about 24 hours to get control of the account back. Took about 2 weeks to get a few things back (yea, tier 1 & 2 loot!)...took almost 2 months to get back the blues and most of my gold back. Be polite, be patient, but be persistant.
My guild, The Society on US-Shadowmoon, was good to me after I listened to them try to work on progression for a couple nights. They took up a collection to help me get back on my feet and raiding while the investigation was ongoing. Bought a ton of greens of the AH to be The Green Machine, then the following week went shopping again to be The Blue Light Special. A good guild can be a life-saving support network when you are staring at the naked toon by the mailbox when you log in.
Jarviswabi Feb 15th 2008 9:38AM
I was hijacked about 4 weeks ago--logged out on a Friday night in IF, tried to login Saturday morning to find my password changed, when I got in I was in Dire Maul with a new talent build, all my gold and mats plundered from my bags and my bank. My bag had about a dozen blue BoP items in it, so I think they were using the same exploit as SL to repeatedly plunder a chest or something.
Blizz was relatively helpful--within a week, they restored my 900g and about half the items I lost. I was still out a couple hundred gold worth of primals and engineering mats, but selling the blues my hacker left behind helped compensate for that.
I assume the keylogger got in via an addon, or else through a guild or fansite (stupid to use my same password).
The worst part was the feeling of utter loss and violation--months of tedious farming and effort blown away in a matter of hours. If my gold hadn't been restored, I probably would have quit. I love playing, but I just can't imagine starting from scratch.
What I don't get is why they respec'ed me (from MM hunter to BM). Do they maybe sell the toons afterwards, and BM is more desirable? Whatever, I'm just glad I thought to check on my auctions that morning, or else I could have been gone for good.
It makes me feel better to know there are others out there who've gone through this and felt as lousy as I did about it.
Alysandir Feb 15th 2008 9:41AM
Having been hacked before myself, I fully understand what you mean about the curt and unhelpful replies from customer support. For those who've never been hacked before, believe me when I say this step is infuriating because Blizzard's entire position is that it's *your* fault you got hacked and treats you like the criminal, not a victim of a crime. *You* must have given your password out, or *you* must have used a powerlevelling service, etc. Bullcrap.
Frankly, I'm amazed at the amount of sympathetic posts you're getting here; usually the response is something along the lines of "you must be really stupid to get hacked...l2security!". Of course the irony here is that even security-savvy people are getting hacked; I was reading an article about hackers switching DNS settings on the local computer to use legitimate URLs to point to bogus sites used to capture credentials. You would never know or suspect anything was wrong until the damage was done.
FWIW, I got about 90% of my stuff back; the biggest thing I lost was my vanity pet whelpling. But it took almost a week and a half for this to happen.
-Alys
johnthorpe Feb 15th 2008 9:43AM
You know, I keep coming back to the same point: if people would stop buying gold, these assholes would stop hacking accounts for gold to sell.
theRaptor Feb 15th 2008 9:47AM
No they wouldn't. A lot of these hacks are done by bored kids looking to grief people. These are the same people who do pointless website defacement.
johnthorpe Feb 15th 2008 9:59AM
You're right. They teleport in and put of Shadow Labs farming chests for no good reason. Apparently that is "fun".
Badger Feb 15th 2008 10:28AM
I disagree with TheRaptor, but without John's blatant sarcasm. (Hehe.)
There's too much potential profit involved in selling in-game items and currency for this to be some bored teenagers. If that were the case they would just get deface others' accounts and harass people (and GMs, no doubt) until they were forcibly removed from the game.
John Feb 15th 2008 9:42AM
I was hacked about 8 months ago. Found the keylogger and cleaned out my system. I sent Blizzard an email and it took 1 month to get my account back and everything that was on the account. Luckily, the account thief only created toons on different servers to try and sell gold, I had all my stuff back.
My biggest complaint is that I lost an entire month of play time due to of course being locked out of my account at that time. I was not able to get that time back because the Blizzard rep stated very rudely that I had not played that month. I replied that I had been locked out of my account pending the investigation and he again rudely stated that I had not played that month. I then said to him that I cant play with my account locked but the situation was resolved. He then said it was my mistake to click the link and I pretty much could either keep playing or cancel my account. How was I to know it was a keylogger? I have since then made a proactive attempt educate myself about those links and what to look for but you can still get hacked and not even realize it.
Tridus Feb 15th 2008 9:54AM
An overlooked issue here isn't keyloggers. If your WoW password is the same as the password you use on some other website and that website gets hacked/intercepted/has a malicious adminstrator, you just gave away your WoW password.
Treat your WoW password the same way you treat your ATM PIN. Far too many people overlook this problem.
dfscott Feb 15th 2008 10:45AM
The big thing that bothers me about this is that you have to use your wow password to log into the O-forums. This means if I want to post something from my parents house or an Internet Cafe or something, I'm having to hang my password out there on an unknown system.
They should provide a way to link a forum password to your account so you only have to type in your "real" password when you first create your forum id.
Tridus Feb 15th 2008 11:02AM
@dfscott
Its true. My account was hacked by posting on the official forums on an infected computer at school. The only thing you can do is avoid them when you're not at home.
Mirina Feb 15th 2008 10:11AM
I got lucky when I got hacked--about 2 weeks earlier I had transferred my raiding main to a secondary account, to use her to help level other toons to 70. I was sitting in Netherwing on a Friday night, chitchatting with guildies in game and in vent, when I suddenly noticed 3 of my alts log into the game in rapid succession. When I realized what was going on, my husband jumped online and changed all of our account passwords, and I started logging into the account to force the hacker off. I ended up finding a low level shaman deleted, my paladin (my 2nd highest crafter) standing nekkid in Org, with no bank contents, no gear--BUT, she still had all her gold on her (caught them before a mailing attempt?). I double checked the other 2 characters I saw them sign on, but they hadn't been touched (oddly, since I had signed my priest, with a good amount of gold, out at a mailbox--so you'd think they'd see a mailbox and start sending).
I sat in Org on my pally nekkid for an hour or so before I got a GM in-game to talk to me. I think a guildie even stopped by with a low-level tailoring dress for me to put on so I wasn't "freezing" in Org. The GM was great to talk to, and we talked for a while about the hacks going around, and what I was doing to check stuff out on my end. I also had concern that as a GM of my guild, I had seen 2 other raiders get hacked in the weeks before.
I spent the rest of the night and the weekend scanning 5 PCs looking for a keylogger. Finally found it on a PC we had only signed my alt account into (saving grace for the raiding group, as I'm one of 2 hunters that raids, and my husband was about the only regularly raiding healadin at that time). I spent time with the scanners reviewing the information (ironically, my degree is in NetSec, so this stuff interests me) and figured out who the keylogger came from. Blizzard's "escalation" staff sent an email out of what they thought I had, and gave me the ability to add to the list of things they had missed. I sent them back an email detailing patterns and bank contents, and by Monday, I had 3 deleted toons restored, 3 toons stripped nekkid (2 different realms) 100% restored with gear, gold (on the other realm that my pally wasn't on), and bank contents.
Now, my return time was really quick--my guildies waited about a month or 2 to get their stuff back. I'm thinking that the timetable you report the hack on has a lot to do with it. Since I was online when it happened, I was basically as "up to date" as I could be--and I basically "sterilized" the account and didn't disturb anything as soon as I signed in. The less field modifications made in their logs, the easier it is for them to go back and say "okay, here's a lot of DELETE lines in this inventory--guess we'll start here on the restore."
I felt so violated after it had happened (yeayea, it was an alt account, but my pally was the next toon I was pushing to 70, so it left a bad taste), that I actually quit using the PC that the keylogger got installed on (I usually raided on my laptop because it was faster). Even though the PC was clean, I still felt uncomfortable. So, I ended up building a brand new gaming rig that I do everything on now. And now I seem to have a bag "bug" since the restore--my pally will DC out of the game if she's doing anything in her bags for 30 seconds. And then I get a DC loop, lol. But Blizzard is already investigating that as well.