Account security is your responsibility, not Blizzard's
by Amanda Miller 
Feb 27th 2009 at 3:00PM
PlayNoEvil recently published an article explaining why they think it is that hackers target gamers by stealing their passwords and other account information. While there is some truth in the premises offered, articles like this one only serve to fuel conspiracy rumors and encourage players to think of themselves as victims rather than take responsibility for their own account security.
Gaming companies do place some of the blame for a compromised account on the account holder, and for good reason. The hacker certainly didn't gain access to your computer because of their actions, and their computers that store your information are as yet untouchable.
The browsers you use, sites you visit, firewall settings, anti-virus software and update practices are just a few of the ways that you contribute to your own hacking experience.
Sharing your account information with your lover, best friend and mother may sound safe, but you don't control the security of their computers, or their friends' computers. The majority of people I know who have been hacked signed into their accounts on their sibling's computer or a publically shared machine.
In fact, NASA ended up with a keylogger targeted at gamers on the International Space Station. It traveled aboard on the laptop of one of the astronauts. You just can't trust any computer that isn't your own.
It may be hard to hear, but a hacked account is because of something you did, whether it was an unfortunate stroke of luck, such as stumbling onto a redirect on a legitimate website in the small window before the site addresses it, or a serious oversight in security on your part.
PlayNoEvil's assertion that the blame on the consumer coming down from the gaming companies is because they suspect you of being a gold farmer is just ridiculous. If your account was hacked because of your involvement with a gold farming or power leveling service, you deserve any of the blame, suspensions and bans that you do get, but not every compromised account holder is accused of being in the gold farming business.
Another idea put forth is that the government has no ability to or interest in getting involved with virtual theft. While there is some truth to that, it doesn't fit into the bigger picture.
If we ask the government to police virtual theft, we'd open the door for them to police every virtual issue and every virtual space, from pornography to personal blogs. It opens a giant can of worms that no one would currently know how to fairly and effectively contain.
In addition, virtual issues are gaining more media attention as well as garnering legal consequences. This is still new territory, and developing and enforcing laws takes a lot of time and resources. The system can't be set up in a day, and there are other virtual crimes that are higher on the priority list.
Asserting that the gaming companies aren't doing anything is also incorrect. Blizzard, for one, has been shutting down gold farming sites, doling out lawsuits, and adding in-game features to help combat against gold farming. The more headway they make, the less lucrative account stealing will become. After all, who do you think they sell all your stuff to?
I remember having a conversation with a buddy of mine about his Guild Wars obsession, as I was trying to suss out whether I'd like it or not. I was essentially informed that add-ons aren't strictly allowed, and so they all come from various websites and are .exe files, but that in his opinion, without them, the gameplay just wasn't as appealing.
I told him what I am going to tell you. If you want to develop your gaming account during your free time, with hours of effort and money invested, and insist on downloading from questionable websites, running executable files, and plugging them into a game that doesn't really want them, then you will get hacked, and it will be your fault. Fortunately, WoW runs differently, and add-ons are relatively safe, as long as you get them from reputable web sites.
As for the assertion that companies do not keep adequate records of account transactions and therefore cannot restore your items, this really depends on the company and the game. Keeping all of those records and hiring the personnel to return your things would be incredibly costly. Blizzard is pretty proficient at it, but the circumstances are unique to each developer.
Hackers target gamers because they are in possession of goods that can be sold for a profit. As it is a virtual theft, you have to work to secure these assets by securing your machine and developing better habits. WoW Insider strives to provide you with news of the latest security holes and the various measures you can take to fortify your computer, but we can't do it for you, and neither can Blizzard.
Filed under: Analysis / Opinion, Blizzard, Add-Ons, Account Security
Reader Comments (Page 1 of 4)
Mark Feb 27th 2009 3:08PM
This is an excellent article, Amanda. I wish more players understood this. I roll my eyes every time I hear someone say, "There's nothing wrong on my end. I think Blizzard's servers were compromised."
Zerokku Feb 27th 2009 3:16PM
Agreed. My comp currently doesn't have a proper working firewall and virus protection and hasn't for some time but I just take care of the small things on my end that I can (Firefox + addblock + noscript) and have yet to have any security problems =P
People just need to be more careful.
jbodar Feb 27th 2009 7:09PM
@Zerokku
Until you allow scripts on the wrong site, that is. ;p
Shulkman Feb 27th 2009 3:16PM
Moron
msingletary Feb 27th 2009 3:18PM
This is a very good article that I hope goes a long way in curbing the common misconception that the player is never at fault. Just because your anti-virus and anti-spyware software says you're clean doesn't necessarily mean you are. Why do you think there's so many anti-virus programs out there? None of them are perfect and can definitely miss something, especially if it uses new technology.
Oh, and we shouldn't give these script kiddies the benefit of being called hackers. They're not hacking anything. Tricking people into downloading software laden with viruses and/or spyware (like a keylogger) takes no skill.
Auto Feb 27th 2009 3:18PM
Security is ALL on the users end. It is up to YOU to prevent account hacking.
For my part, I use Firefox with Ad Block and NoScript when web browsing. I use Mcafee AV/Spyware and firewall. I also use HazardShield and System Mechanic. I feel very confident in my protection level with these.
I Was a victim of the Allakhazam ad keylogger in the early days of WoW. I know how important it is to be secure......
Linden Feb 28th 2009 11:33AM
Having done lots and having lots of friends who work in IT (either as programmers or IT support) the biggest cause of computer errors is
"between keyboard and chair"
people also need to remember that just because you have antivirus + firewall doesn't make you immune to running that nice little .exe you found, especially as a lot of antivirus systems assume that some program that you have explicitly run (ie clicked on and run) is ok.
Lorsty Feb 27th 2009 3:19PM
Very good article. As someone who posts often on the LA Customer Service forums, trying to help people, I sometimes /facepalm at the people who start screaming at Blizzard because they think the hacking was on Blizzard's side.
I've been there, sadly, and I know it was my fault I got hacked, but some people just don't seem to understand that. In fact, I was surprised to find out Blizzard even helps us to try to get back our accounts and all we lost.
I remember a guy though, who was very special because he said something among the lines of "[...] my computer is fine, but my account must have been compromised that day I logged in from another computer[...]".
Some people are just careless. =(
WeirdoKitty Feb 27th 2009 3:22PM
I think one way hackers get people's passwords happens when a player logs into the forums from a public machine, such a school library computer or a friends machine. You can have all the security apps in the world on your gaming machine, but if you log into the forums on some other machine, you could be handing your info over.
Chris Feb 27th 2009 5:08PM
You hit it right on the head. People are over thinking things when it comes to account security. I would guess that 75% of password theft in MMOs happens when someone creates a forum account on some random website with the same username and password they use for WoW. Some malicious gold seller sets up a blog. Offers up a Tiger Mount for some contest and links it on several reputable blogs. Thousands of potential victims come pouring in. Hell I imagine a huge number of victims are people who bought gold and used their WoW password to create the purchasing account.
Jason Feb 27th 2009 3:30PM
Get the Blizzard Authenticator and be done with it. I bought mine for $7 and had it in my hands in under a week. Took me a whole 30 seconds to configure my account for it.
You can not access your account in anyway without it! Not in the game, not from the website.
Jamesisgreat Feb 27th 2009 4:06PM
I wish they'd just upped the price of WotLK a bit and shipped those things with the expansion.
Rollo Feb 28th 2009 12:02PM
The authenticator is great. But imagine the day when you have twenty different authenticators on your desk for different web sites, accounts, games. It's clearly not the ideal solution either.
Ridged Feb 27th 2009 3:24PM
The more headway they make, the less lucrative account stealing will become.
This is false - the demand is the same if you decrease supply cost goes up which means it becomes MORE lucrative to steal accounts. The same is true in every illegal marketplace, take the drug market as an example: everytime the DEA makes a major bust there are less drugs with the same demand which causes cost to go up, making it more attractive for someone to swoop in and take the place of the last busted drug lord. This is why it seems as if no headway is ever made, but it does NOT mean we should stop attempting to thwart drug dealers - and the same thing goes for gold sellers.
Rock Feb 27th 2009 3:55PM
The negative aspects of having drugs illegal.
Vs the
Negative aspects of having drugs legal.
I've yet to see a good solid persuasive reasoning as to why the later is not better. But I digress this isn't the place for such : )
Also, just to play devils advocate here, one could reason that as the cost goes up demand, in a case like this, could go down. If you raise the prices to a point, on something like this, that is simply unreasonable people just aren't going to do it.
However, I think the point that Amanda might have been trying to make was more supply side. Is it going to be worth the time/effort to steal an account or level one up then sell it, if it's just going to get banned before it can be sold?
I don't think it's too unreasonable to assume with these two factors working together on an item like wow accounts (an unnecessary luxury really, with an alternative "legal" way of acquiring one) that making headway could indeed be a good way of thwarting the gold sellers.
You really can't compare drugs to wow accounts though, it's a totally different ballpark.
John Feb 27th 2009 4:24PM
I agree with Rock completely.. all of it.
Gordon Feb 27th 2009 3:30PM
For the most part I agree, however my own experiences make me wonder. Prior to Wotlk i stopped playing. I removed WoW and formated my computer. I use a different password for my Warcraft account. Two and a half months later I received the dreaded "Your Password has been changed e-mail" and was sent into hacked account hell. So there was no saved passwords on my computer for a trojan to steal, Wow wasnt installed and my computer had no trace of the game for two months. Talking to a few friends afterwards, both online and off, the same things had happened to others. My experience makes me wonder if hackers look for accounts that are idle and brute force them.
Spark Feb 27th 2009 5:54PM
I have to disagree with Jesse on the idea that the Authenticator solution is driven by greed. Two-factor authentication is, generally, a good solution. However there is added cost involved over the traditional password system. Costs include the token, the infrastructure, and support.
It's hard to determine the token cost as Vasco isn't very forthcoming with their per-unit pricing. But I know RSA tokens go for a whopping $50 per unit. Paypal sells their tokens at $5 ea. And someone on the WoW forums claims they've gotten a dealer to provide pricing at $18ea for the Vasco Go 6 (Blizz authenticators are branded versions of these) at a minimum of 5,000 units.
It's possible that Blizzard is making money off the deal. However, I wouldn't be surprised if the Authenticator pricing is simply sharing the cost with the customer. Your $7 fee helps eat part of the cost of Blizzard providing you with improved security. Blizzard eats the other part of that cost as they hope, ultimately, it decreases their support costs.
Arras Feb 27th 2009 3:30PM
Blizzard takes more steps than other companies to help their customers secure their accounts. They have a dedicated support team, numerous ways for customers to get in touch with support and the authenticators of course.
Blizzard holds up their end of the account security bargain and then some, it's up to us as players and customers to do our part.
Get an authenticator. Only use addons from sites you trust, don't click on ads - especially ones that sell gold, powerleveling, etc.
A little common sense dashed with some healthy internet paranoia will go a long way to keep you hacked free.
Jesse Feb 27th 2009 3:43PM
Ah yes, the authenticator. There were so many ways Blizzard could stop keylogging, and how did they choose to do it? By selling you something. Hooray Greed! (Don't get me wrong, I probably would have done the same thing, but don't act like the authenticator is Blizzard trying to solve the problem, it's blizzard trying to make another buck.)