Patch 5.3 interview with Ghostcrawler
Mystery of the Unborn Val'kyr
The latest patch 5.3 news
All of the latest Mists of Pandaria newsAnother blow in the keylogging experience
by Amanda Dean 
Mar 15th 2008 at 9:00AM
The worst part of the keylogging episode was that my Shaman was transferred from a PvP to PvE server. After about a week in limbo my beloved Tauren was returned to her proper place. I was extremely relieved. Unfortunately that's the only thing on my account that Blizzard was kind enough to restore. They refused to return any of my gear or gold and did nothing about the items ninjaed from the guild bank. I appealed their decision with several emails. Those appeals were ubiquitously denied despite logical arguments and heart-filled plights. I thought it was all over, for better or for worse.
I got more bad news in my email box the other day:
This email is to inform you that there has been a payment dispute filed against <ACCOUNT NAME> for a recent paid character transfer. As a result, the character for which the payment was disputed has been temporarily disabled.
As a result of this dispute, funds paid for the transfer were withdrawn from Blizzard Entertainment in direct violation of the account's terms. This is known as a "chargeback."
The total withdrawn by this chargeback was: $25.00.
A full timeline for this chargeback is as follows:
2/14/2008 - The credit card was charged: $25.00 as a result of this character transfer.
3/11/2008 - The credit card company considered the dispute a success, thus creating a negative balance for the above mentioned account.
[Instruction text]
The account is now considered by Blizzard to have a negative balance, and the character will be unavailable for play until any and ALL outstanding balances have been repaid to Blizzard. These funds can only be repaid via a money order for the full and EXACT amount of the disputed funds: $25.00.
[Further instruction text]
Once the money order is received and processed, Blizzard will unlock the character for play again, provided these instructions have been followed.
I panicked. I felt that Blizzard was holding my Shaman for ransom. Through my semi-hysterical eyes, the email read something like. "We have your Shaman. So far she has not been harmed. Unless you send us the sum of $25 in an unmarked envelope, you will never see your Shaman alive again." I was torn about paying it. Yes, I want my Shammy to be safe and sound. On the other hand, I was afraid that by paying for the transaction I was legitimizing it. I felt that equated in a way taking to responsibility for the credit card fraud that was committed while I was not in control of my account.
With a little help from my friends and encouragement from the WoW Insider team, I bravely emailed account administration and called the billing line. After waiting on hold for just short of ten minutes, a voice came on the line. I began an impassioned plea, with little tears welling in the corner of my eye, for mercy on my poor Shaman. After all, she'd been though enough already. To my astonishment, clemency was granted. The follow-up email stated:
After a thorough review of World of Warcraft account <ACCOUNT NAME>, we have determined that the registered user does not appear to have been in control of the account at the time of the charge that was contested by the financial institution; as a result we will waive the chargeback(s) that you were previously notified of. The fees in the amount of $25.00 have been addressed, and you will not be required to provide a money order for those funds.
**Please note that this waiver is a one time exception. Further chargebacks may result in account action up to and including account closure.**
In the past, my experiences with Blizzard's account services have been primarily negative. The first time I called regarding the keylogger, I was so angry I threw my phone across the room (and I'm not a violent person). It went downhill from there. The customer service forums are filled with upset players looking for news and relief on their compromised account.
This time, the Staff was responsive. I'd like to publicly thank Jacob H. from the phone support team for not torturing me when I called for help. Finally, I had a positive experience from Blizzard's technical support. Now how about a more secure authentication procedure?
Filed under: Odds and ends, Blizzard, Forums
Reader Comments (Page 3 of 3)
Joshua Ochs Mar 15th 2008 3:57PM
And one that is completely avoidable if you're semi-competent. And I should emphasize the "semi".
If you have a keylogger they could have taken your bank account and identity. Count your blessings and be more careful with your system in the future.
Tutunkommon Mar 15th 2008 3:11PM
What motivation would Blizz have to fix it? Their user numbers keep going up, so it obviously isn't driving people away. Until it causes _THEM_ some discomfort they have no reason to care.
Joshua Ochs Mar 15th 2008 3:48PM
If someone is logging your keyboard activity, there's not a damn thing Blizzard (or your bank, or your ISP, or your e-mail provider, or...) can do about it - they have your credentials. There's a simple solution: Don't. Get. Hacked.
Be at least semi-intelligent and responsible for your own damn stuff for once. It's not Blizzard's fault that YOU got YOUR computer hacked. Blizzard didn't do anything - it's not something in their game, it's not to do with their servers, etc - it's your damn fault and they shouldn't have to bail you out. I'm still at a loss as to how so many people can be such total and complete morons.
Theserene Mar 15th 2008 6:25PM
It is not Blizzards fault that people get hacked, but insinuating that anyone who does get hacked is just stupid is not helpful either.
I liken it to saying to someone 'well, just don't get ill then!'. Offer constructive advice if you are an expert in the IT field or if you feel you know more than others.
AlmtyBob Mar 16th 2008 9:49AM
Ok, let's use the "don't get ill" metaphor. People who actively ensure they aren't keylogged using legitimate methods and not insane paranoia or voodoo methods (copy/paste = voodoo) are like people who watch their diet, stay in shape, and get vacinated.
People who are running around sharing their passwords with friends, logging in ANYWHERE but on their machine, and/or using IE at all or FF unprotected are like people who lick every doorknob they see.
Perrins Mar 15th 2008 4:47PM
i know it might sound frustrating to use but in order to prevent the character migration by the hackers using your cc to pay for it, wouldn't it be prudent using the prepaid gamecards? now if only they can make the prepaid game cards in 3 6 and 12 month increments....hell even an 18month increment would be cool. structure it with the same pay bracket as if you would pay for a year of WOW. that way when you do decide to move your toon to a different server you have to put in your cc info and that way it isnt stored in there forever.
i know this might be frustrating for some that just pay it once a year but it would be safer. keep the old system introduce this new system and see where things go.
AlmtyBob Mar 16th 2008 9:51AM
The hackers use CC's stolen from other sources. You must completely re-enter your CC when transferring a character. However, if you're the type who gets WoW keyloggers, then you've probably got a bank/CC keylogger as well. So the last thing I would be worried about in that case is a $25 charge.
Moshnerd Mar 15th 2008 5:40PM
Maaaan, poor Amanda. :(
I'd like to spam Moonfire all over that keyloggin' nub.
Moshnerd Mar 15th 2008 5:43PM
Oh, sorry for the double-post.
@34
I use the pre-paid cards as well, the major problem with them is they cost more per month than a subscription, due to packaging, shipping, etc., etc. I pay something like $35 Canadian for a 60-day time card. So, on the whole, it's not MUCH more than a subscription, but there is indeed a price increase.
Theserene Mar 15th 2008 6:27PM
There really is no consistency in their response. Saying they cannot replace the items to some people and restoring EVERYTHING to others shows that there simply is no process put in place behind the scenes to deal with keylogging occurances.
gault Mar 15th 2008 7:28PM
to gain new malware +95% resist:
run ALL day to day with non-administrator account.
strongly consider running non internet explorer web browser
Be educated:
http://www.google.ca/search?hl=en&q=practice+safe+computing
Isa Mar 15th 2008 8:43PM
WoW can be addictive, but I would just cancel my subscription, if Blizz were making me jump through hoops just to get my stolen character back with all of their stuff.
Accounts are getting hacked more frequently, with the rampant keyloggers that post links on their own forums...
Jes Mar 16th 2008 2:54PM
Most people have an 'always on' internet connection and use the same IP or at least the first 3 parts of the IP are always the same XXX.XXX.XXX.YYY .. Would it not make alot of sense to give users the option to enable an IP range that must match in order to login? Why has no one thought of this? I know that IP's can be spoofed but it does require a little more work on the hackers part but it would help in most cases.
Balloondoggies Mar 17th 2008 10:52AM
If you get a keylogger, it is your own fault. You can't blame Blizz, Your ISP, etc. Your actions resulted in getting a keylogger. If you take a few simple precautions, you will NEVER have a problem.
When I hear of people sharing accounts with others (not on the same computer) I just laugh and just wait for them to complain that they have been hacked. Even if your computer is secure, you can't say that for your buddy's.
The fact that Blizz is willing to help at all is something of a surprise. Then after they restore your char, you complain because you don't have the loot/gold you once had. Well tough s***, they could have just told you to reroll...
Dakria Mar 17th 2008 11:26AM
@Joshua Ochs &/or AlmtyBob
You seem to know a fair about about protecting your system from Keylogger's etc. Just after some serious advice on what is enough protection?
I don't share my account, I always use my own computer. It uses McAfee Antivirus & Firewall + Windows XP Firewall. In addition the Router's Firewall is enabled and selected ports open for the game to run. I browse with FF and use Noscrpit.
Is there anything else you'd suggest?
Thanks
Joshua Ochs Mar 17th 2008 8:17PM
That will generally do it. Firefox and NoScript prevent a lot of "drive-by" attacks. Beyond that, avoid sketchy sites like power-levelers or gold sellers, block advertising whenever possible, and don't run strange EXE's.
Heck, I don't even run a firewall (I'm behind a NAT, and worms aren't as prevalent as they once were) and I run anti-virus less than I should. But I'm just more careful with my Windows box, and I have no problems.
Meanwhile, I do all of my WoW stuff on my Mac. :)
chuckie Mar 17th 2008 9:12PM
dam i thought the copy and paste method was safe i started doing that since reading about amanda experience on getting her account hacked now im paranoid about ym account.
I use firefox/no script, Windows Defender,Spybot Search and destroy, Avast Antivirus,comodo Firewall and program called "SnoopFree Privacy Shield" that monitors what programs get access to your keystrokes. I cant be more secure and with all that im still paranoid.
One thing fore if it happened to me id quit unless i got all ym items back and from what i read that doesnt happen or at least its seems some people are lucky with that.
A guildy got hacked a month ago he was out of the game for about 1 month. This hacking thing is on the rise and will continue to do so im afraid.
But yes Blizzard need to sort out the login process and the restorating of peoples accounts and items. Its time for them to step up.
Koren Mar 18th 2008 8:48AM
Does running behind a router count as much as a good firewall? I do have one computer hosted as DMZ and open a few ports here and there for other programs (none for WoW though, a bit confused now?). Windows XP firewall and 2 (yes, 2) AV programs are active (incl Avast in which I firmly believe). And off course FF+NS are in place. Is that router doing anything to protect me?