2-15-2008 @ 10:11AM
I got lucky when I got hacked--about 2 weeks earlier I had transferred my raiding main to a secondary account, to use her to help level other toons to 70. I was sitting in Netherwing on a Friday night, chitchatting with guildies in game and in vent, when I suddenly noticed 3 of my alts log into the game in rapid succession. When I realized what was going on, my husband jumped online and changed all of our account passwords, and I started logging into the account to force the hacker off. I ended up finding a low level shaman deleted, my paladin (my 2nd highest crafter) standing nekkid in Org, with no bank contents, no gear--BUT, she still had all her gold on her (caught them before a mailing attempt?). I double checked the other 2 characters I saw them sign on, but they hadn't been touched (oddly, since I had signed my priest, with a good amount of gold, out at a mailbox--so you'd think they'd see a mailbox and start sending).

I sat in Org on my pally nekkid for an hour or so before I got a GM in-game to talk to me. I think a guildie even stopped by with a low-level tailoring dress for me to put on so I wasn't "freezing" in Org. The GM was great to talk to, and we talked for a while about the hacks going around, and what I was doing to check stuff out on my end. I also had concern that as a GM of my guild, I had seen 2 other raiders get hacked in the weeks before.

I spent the rest of the night and the weekend scanning 5 PCs looking for a keylogger. Finally found it on a PC we had only signed my alt account into (saving grace for the raiding group, as I'm one of 2 hunters that raids, and my husband was about the only regularly raiding healadin at that time). I spent time with the scanners reviewing the information (ironically, my degree is in NetSec, so this stuff interests me) and figured out who the keylogger came from. Blizzard's "escalation" staff sent an email out of what they thought I had, and gave me the ability to add to the list of things they had missed. I sent them back an email detailing patterns and bank contents, and by Monday, I had 3 deleted toons restored, 3 toons stripped nekkid (2 different realms) 100% restored with gear, gold (on the other realm that my pally wasn't on), and bank contents.

Now, my return time was really quick--my guildies waited about a month or 2 to get their stuff back. I'm thinking that the timetable you report the hack on has a lot to do with it. Since I was online when it happened, I was basically as "up to date" as I could be--and I basically "sterilized" the account and didn't disturb anything as soon as I signed in. The less field modifications made in their logs, the easier it is for them to go back and say "okay, here's a lot of DELETE lines in this inventory--guess we'll start here on the restore."

I felt so violated after it had happened (yeayea, it was an alt account, but my pally was the next toon I was pushing to 70, so it left a bad taste), that I actually quit using the PC that the keylogger got installed on (I usually raided on my laptop because it was faster). Even though the PC was clean, I still felt uncomfortable. So, I ended up building a brand new gaming rig that I do everything on now. And now I seem to have a bag "bug" since the restore--my pally will DC out of the game if she's doing anything in her bags for 30 seconds. And then I get a DC loop, lol. But Blizzard is already investigating that as well.