Another blow in the keylogging experience
by Amanda Dean 
Mar 15th 2008 at 9:00AM
The worst part of the keylogging episode was that my Shaman was transferred from a PvP to PvE server. After about a week in limbo my beloved Tauren was returned to her proper place. I was extremely relieved. Unfortunately that's the only thing on my account that Blizzard was kind enough to restore. They refused to return any of my gear or gold and did nothing about the items ninjaed from the guild bank. I appealed their decision with several emails. Those appeals were ubiquitously denied despite logical arguments and heart-filled plights. I thought it was all over, for better or for worse.
I got more bad news in my email box the other day:
This email is to inform you that there has been a payment dispute filed against <ACCOUNT NAME> for a recent paid character transfer. As a result, the character for which the payment was disputed has been temporarily disabled.
As a result of this dispute, funds paid for the transfer were withdrawn from Blizzard Entertainment in direct violation of the account's terms. This is known as a "chargeback."
The total withdrawn by this chargeback was: $25.00.
A full timeline for this chargeback is as follows:
2/14/2008 - The credit card was charged: $25.00 as a result of this character transfer.
3/11/2008 - The credit card company considered the dispute a success, thus creating a negative balance for the above mentioned account.
[Instruction text]
The account is now considered by Blizzard to have a negative balance, and the character will be unavailable for play until any and ALL outstanding balances have been repaid to Blizzard. These funds can only be repaid via a money order for the full and EXACT amount of the disputed funds: $25.00.
[Further instruction text]
Once the money order is received and processed, Blizzard will unlock the character for play again, provided these instructions have been followed.
I panicked. I felt that Blizzard was holding my Shaman for ransom. Through my semi-hysterical eyes, the email read something like. "We have your Shaman. So far she has not been harmed. Unless you send us the sum of $25 in an unmarked envelope, you will never see your Shaman alive again." I was torn about paying it. Yes, I want my Shammy to be safe and sound. On the other hand, I was afraid that by paying for the transaction I was legitimizing it. I felt that equated in a way taking to responsibility for the credit card fraud that was committed while I was not in control of my account.
With a little help from my friends and encouragement from the WoW Insider team, I bravely emailed account administration and called the billing line. After waiting on hold for just short of ten minutes, a voice came on the line. I began an impassioned plea, with little tears welling in the corner of my eye, for mercy on my poor Shaman. After all, she'd been though enough already. To my astonishment, clemency was granted. The follow-up email stated:
After a thorough review of World of Warcraft account <ACCOUNT NAME>, we have determined that the registered user does not appear to have been in control of the account at the time of the charge that was contested by the financial institution; as a result we will waive the chargeback(s) that you were previously notified of. The fees in the amount of $25.00 have been addressed, and you will not be required to provide a money order for those funds.
**Please note that this waiver is a one time exception. Further chargebacks may result in account action up to and including account closure.**
In the past, my experiences with Blizzard's account services have been primarily negative. The first time I called regarding the keylogger, I was so angry I threw my phone across the room (and I'm not a violent person). It went downhill from there. The customer service forums are filled with upset players looking for news and relief on their compromised account.
This time, the Staff was responsive. I'd like to publicly thank Jacob H. from the phone support team for not torturing me when I called for help. Finally, I had a positive experience from Blizzard's technical support. Now how about a more secure authentication procedure?
Filed under: Odds and ends, Blizzard, Forums
Reader Comments (Page 1 of 3)
Shadowisp Mar 15th 2008 9:13AM
Well Blizzard and Players are being put out by the actual transfers taking place if the Banks/Credit Card companies are also involved... this makes it criminal bank fraud on part of the account hackers.
I think it is best that Blizzard put in place new practice and procedures to vailidate users and financial details before such transfers are conducted.
I bet with a bit of due diligence on part of Blizzard/Vivendi they may be able to stop this fraudulent trend and stop the blatant account hacks going on atm.
Matdredalia Mar 15th 2008 11:09AM
I agree. IMO, adding a few validation questions or requiring more information before proceeding would not complicate the process by that much and on the overall would benefit a LOT of people.
Sydnius Mar 15th 2008 11:25AM
Hmm. I have sympathy for your ordeal, but contempt for your final statement of the piece. If you've got a keylogger, the security of Blizzard's authentication system will never be culpable for problems you experience.
Jack Spicer Mar 15th 2008 1:24PM
Given the huge success of WoW, I think its about time Blizzard increased its anti-account hacking measures. Whether that means making it harder for hackers to gain access to player accounts, or simply making the "FULL" recovery of a hacked account more painless - they definitely need to do something.
I agree that some responsibility for account security is on the player. But honestly, does anyone think that Blizzard should be able to just sit back and do nothing when WoW's very success is the reason why we're all getting targeted by hackers?
Xtazey Mar 15th 2008 9:15AM
That's nice to hear, I recently got my account hacked and it was transferred to another realm :/.
theRaptor Mar 15th 2008 9:25AM
Meh Blizzard needs to pull their finger out and do more for players who have been key logged. I have never seen an MMO company go with the "ZOMG we haf no backups" like Blizzard do. Somehow people can get GM's to restore characters deleted two years ago, but get keylogged and your purples sharded and suddenly its "Blizzard can not verify what equipment your character had". To me that reads "we can't be bothered figuring out if you have a legitimate issue or are just trying to scam money, so fuck you". Not good enough.
The whole transferring characters then issue charge backs is also a major issue. IMO some organised crime group is trying to blackmail Blizzard with it (if banks start getting to many charge backs against Blizz they will stop authorising transactions at all), or the gold sellers are just giving Blizz the bird for all the crack downs.
Kudos to Amanda for keeping playing despite this BS. I know if I logged in to find all my purples sharded I would just give up.
Cetha Mar 15th 2008 9:26AM
yikes..so sorry to hear about that...my acct got hacked recently, instead of calling I went through a GM and after a week of suspense they restored all my items and sent me a huge chunk of gold to cover the things they didn't replace (consumables and the like)..i guess i was luckier than I thought
duhreetoh Mar 15th 2008 9:30AM
I got the same email and had the same reaction so I emailed but didn't call billing... yet. I got this response and I'm not sure what to make of it.
The payment for the paid character transfer must be entered from scratch, for each transaction. It is likely the charges were from the credit card of the individuals that hacked your account and not your credit card. If you see these charges reflected on your statement, please address them directly with your credit card company or bank, as appropriate, in that if the charges register on your cards your card information is compromised as well. The funds may be returned through a fraud investigation if this is the case.
So I emailed back asking basically... so does that mean I don't have to send a money order?? If I get a response saying that I still do. I'm giving them a call.
Green Armadillo Mar 15th 2008 6:59PM
Presumably, they paid for the character transfer using someone else's stolen credit card info, and the actual card-holder disputed the charges.
BladeeR Mar 15th 2008 9:32AM
If honest, the account service sucks big time. When tried to get my hacked account back, thats what happened me:
Me-> Blizz:
Hello, I lost my acc bla bla. This is my ID card photo, and answer on SQ. Also here are CDkey. Please change email to what I am writing from, and also if it is possible change my SQ. But only after I have account back please.
Blizz-> Me:
/ignore your hacked account.
So, you want to change your SQ, in order to do it, please send us photo of the original CDkey, and also your IDcard.
Me-> Blizz:
Wtf, are you blind? I asked to restore account first, then fix SQ fuzz! Ah well, here you go all the photos.. And restore account please with new password.
Blizz-> Me:
Thank you, here is your new SQ. Bye
Me-> Blizz:
WTF GUYS!! Cant you do 2 things at same time, I asked to restore my account aswell!
Blizz-> Me:
We see.. please submit your IDcard photo to us and CDkey + SQ.
Me-> Blizz:
/sigh.. I send you it already, but here we go...
Blizz-> Me:
Thank you, here is yours account, have a nice time.
Me: /rude...
I was so god damn pissed at those morons.. I mean, how many times do I need to send them files, and what is so god damn impossible to read whole my email and do all stuff in one go.. Geeez..
MJ Mar 15th 2008 9:44AM
I totally agree with the stronger authentication. I would like to see some sort of dual authentication factor with something like RSA Secure ID tokens. So after you enter your password, you would also have to enter the current random number on your token. These random numbers on your token change every 30-60 seconds, so if you had a keylogger on your pc, the hackers would have a very small window to login and hack your account.
Blizzard makes it so difficult to get everything back to normal if you are hacked, the least they can do is make a stronger authentication system to help reduce the chances from this happening.
MJ
Sakerin Mar 15th 2008 1:32PM
Actually the number "expires" after one use in most systems so that even if the machine has been compromised by a keylogger of someone was looking over your shoulder they cannot use this information to log in to the account.
Joshua Ochs Mar 15th 2008 3:57PM
OR... you could take a tiny bit of responsibility and NOT GET HACKED.
What's next? Secure tokens from all your e-mail providers, ISP's, banks, etc, just because you can't be bothered to be competent with your own computer?
theRaptor Mar 15th 2008 6:23PM
Right because Firefox+adblock+NoScript is 100% fool proof right? Sure maybe if you don't do anything on your wow computer except play wow and visit the official site. And my bank does use two factor authentication (though not a token system) because the average person can not be expected to secure their computer. It is like expecting the average person to know that commercial door locks are trivial to defeat.
Perrins Mar 15th 2008 9:53AM
dude how can they not verify what you had? they have the armory to fall back to. honestly speaking i agree with the above poster. if i logged in found my toon hacked sacked and gutted and no chance for a restore. well thanks for the fun had a blast now im gone. took me the better part of a year to get my warriors tank gear to where he is. im not going throught that hell again. tanking gear rarely drops as it is.
the most simplistic way to prevent a toon transfer is to have blizz make the cc thats on the account be verified again before approving the transfer. like verifying the cvs number on the back of the card or having you answer your secret question. its really easy to incorporate that into the system i bet it would take a max of 7 lines of code.
WHATSUPI'MFAMOUS Mar 15th 2008 11:26AM
My thought is, if you look at the bigger picture - Blizzard wants people to be scared of buying gold. If you look at these stories and think "Wow, if i buy gold from these scum bags i'm just going to get my account hacked and sharded a week later" maybe people won't do it. But if Blizz makes the system 100% keylogger safe (which they probably can) people would say "Screw this, they couldnt log my keys if they wanted to" and gold buying and account selling would run rampant and seriously mess up the game.
Not saying this is what happened to Amanda, of course innocent people get caught up. But seriously - this isn't the gold sellers fault, it's the gold BUYERS. Blizz needs more methods to crack down on who is buying the gold and accounts to fix this problem.
Aigarius Mar 15th 2008 12:46PM
It is impossible to guard against keyloggers as long as it is possible to run other software on your computer besides WoW. IT could be possible on a PS3, for example, but not on Windows (or Mac or even Linux really). However, it would be *really* hard to make an effective keylogger for Mac and Linux due to hard security controls on hardware access.
theRaptor Mar 15th 2008 6:29PM
@15
WTF? What does being a gold buyer have to do with getting your account hacked? Unless you mean the "'let us farm on your account for a week and we give you 1000 Gold!!111" scam? A gold buyers account is no more exposed then any other account, because all the gold seller knows is a CC and character name. You don't give them your username.
Stephen Mar 15th 2008 10:09AM
I had the same experience, my account got keylogger at least like 10 times cuz for some reason i can't fully format the Trojans on my computer. I tried restoring window, buying an extra harddrive, installing new Anti-virus software, and nothing seems to help. I couldn't leave my all epic paladin, so.... I brought a new computer, and even since then I just stay away from all the addons. YAP, no addons at on. Screw Keyloggers, Screw Blizzard for not being able to solve multiple problems at one time. If Blizzard tell me to lick their shoes in order to keep my paladin, i think i probably would have.... i know... it gets frustrating. God Bless you, Amen!
AlmtyBob Mar 16th 2008 9:22AM
For the love of god, addons do not give you keyloggers.
The End.