Skip to Content
1-11-2010 @ 11:09AM
Strangely enough, I've never got my account hacked or know someone who has. And no, this isn't some stupid troll post either. Am I alone here?
1-11-2010 @ 11:13AM
I've actually only seen it happen once, and that was to someone in my old large guild who I didn't really know.Despite that, however, this is a problem that trickles its way down to everyone, regardless if you actually get hacked or not, so I'm in favor of some authenticators with Cata, and considering buying one myself fairly soon.
1-11-2010 @ 11:38AM
You're not alone. I fall into the same category. I don't have an authenticator yet either but the sooner the better it seems.
1-11-2010 @ 11:43AM
I've never seen it happen either. I still have an authenticator.
1-11-2010 @ 11:52AM
I've seen it happen to one person in nearly four years of playing, and only in the last month. During the month a keylogger was on there, he was hacked four times. He was never able to remove the keylogger no matter how many utilities he ran, so he ended up having to blow away the machine and rebuild it. Problem solved.Oh, and where did the keylogger come from? Downloading pirated software from a torrent. You can be sure he knows not to run random EXE's now.I have ZERO sympathy for people who get hacked. I've yet to hear of a case where people didn't later admit to doing something monumentally STUPID to get hacked in the first place. Go ahead - show me an example of "drive by" hacking. These aren't the pre-XPSP2 days, where worms and network attacks were prevalent. It's all social engineering, and getting people to click things they shouldn't. Which boils down to stupid end users.Screw authenticators, and screw restoration. Let them just blow away the account and give you a new password. Get hacked again because you didn't clean up your mess? Three strikes and you're out. That will get you to clean up your computer, and Blizz and the rest of us don't have to subsidize your stupidity.
1-11-2010 @ 12:02PM
I've never been hacked either in the few years that i've played, nor have any of my RL friends that i know of.Still, the more and more time i get invested into my toons the more i worry about it...Regarding the pet for getting an authenticator - can you use it on all of your toons like the anniversary pets, or is it like the recruit-a-friend zebra where you can only choose one toon to use it on?
1-11-2010 @ 12:10PM
I'm an officer in a very very large guild (3000+ members) and we have someone getting hacked every couple of weeks. We talk about authenticators to the members constantly, but there are still people who just don't seem to get the message. I must confess I get rather tired of hearing "I didn't think I really needed one!" or "I'm too smart and savvy to get hacked."There have been cases of people picking up a keylogger that was embedded in an ad on a legitimate, mainstream website, even without clicking on the ad. You can do everything right in terms of browsing practices, and still get hacked. Not everyone who gets hacked is an internet noob, folks. Two-factor authentication is your friend!
1-11-2010 @ 12:35PM
@Joshua Ochs "Go ahead - show me an example of "drive by" hacking. These aren't the pre-XPSP2 days, where worms and network attacks were prevalent. It's all social engineering, and getting people to click things they shouldn't. Which boils down to stupid end users."Quite possibly the most pointless and uninformed post about PC security I've seen yet. You really think XP SP2, Vista and Win 7 are immune to flash hacks and browser vulnerabilities? Get a clue. Most keyloggers didn't come in from worms or network attacks either, they were and still are mostly spread through browser exploits. You also can't forget that family PCs are shared, so even with Win 7's enhanced security all it takes is a young sibling or uninformed parent to click "OK" and you've lost your account.I got hacked during the process of installing Windows XP on my computer (FYI- all those XP CDs didn't magically get updated to SP2). While waiting for drivers, updates and everything else to download and install I figured I'd go to my usual, trusted addon sites and get the latest copies of the few addons I needed. I can tell you the sites- curse, wowwiki, worldofwar.net. None of these are hacker sites, and I don't ever click on banners. But one of them must been targeted with a flash exploit, so before I could get the PC patched up I was infected. My account was taken that weekend. It was absolutely my fault, and I knew the risk at the time, but most PC users wouldn't even think about the security risk. Are they stupid? Certainly not, but they're not security engineers either. It's unfortunate that people like yourself think they need to be in order to use a PC. Instead of treating people like idiots, why not just hand them a $5 authenticator and solve the problem for them?
1-11-2010 @ 12:37PM
Gotta say I agree with AndremedaSC. You can bring your chance of getting hacked close to zero with smart internet browsing practices but when a legit website gets hacked, infected, whatever, or an ad ends up carrying the bad stuff.. you can't control that. You can just hope your anti-virus and whatever other things you have on your computer to protect you catch it.So, Authenticator = Good Idea. Though I do understand why people are reluctant (especially if they have to buy one separately) so I think that packaging it with a game would be the best bet.
1-11-2010 @ 12:40PM
I haven't heard about anyone in my whole server that has been hacked, though I'm sure a few must have.
1-11-2010 @ 12:51PM
@inexodus"You also can't forget that family PCs are shared, so even with Win 7's enhanced security all it takes is a young sibling or uninformed parent to click "OK" and you've lost your account."And... we're back to dumb users for $200."While waiting for drivers, updates and everything else to download and install I figured I'd go to my usual, trusted addon sites and get the latest copies of the few addons I needed."And... we're back to dumb users for $200. You clearly know enough about Windows and security to know that you DON'T DO THAT until you've updated and gotten your anti-malware of choice set up. Otherwise you're a... dumb user."Are they stupid? Certainly not"I'm on the fence on that one, although the lion's share of this is to be laid at Microsoft's feet. Thankfully with Windows 7 being a reasonable upgrade from XP, we'll slowly see this fade away, much as IE6 will slowly (too slowly!) fade away.
1-11-2010 @ 12:58PM
Ive seen it happen to three people in my time playing.One was an idiot and went to wowdupe.Second claimed he "didn't know what happened", but had shared his account info with his brothers and subsequently, a friend of those brothers. He was also known for being the type of person who cannot admit they're at fault. Third was a botter. After Glider was taken out, he went on a mad search for replacements. His account was compromised a week later, and our guild lost tons of enchanting mats.So I've seen the whole spectrum of accounts being compromised. There were a few others who used hacking as an excuse for trying to ninja our bank. I'm pretty sure they were not actually hacked. I know some others who bought gold, but I think they got away with it.I agree it's a problem, even more so after the battle.net merger. But I think the best way to attack the problem is mandating the authenticators WITHOUT charging the customers. If we have to wait until cataclysm, so be it. But even at that point, authenticators should be shipped for free to each account.If you mandate the authenticators and ship them wit the expansion that's good, but that still effectively locks out everyone else who doesn't buy the expansion. Don't treat your customers poorly blizzard! Ship them for free, take the financial hit, and ship them with each copy sold from here on out! Everyone wins.
1-11-2010 @ 3:03PM
@Joshua OchsYou're really asking a lot. "Average PC users" includes a wide range of people, most of whom have had little or no security training. When Windows 7 asks "Can this program do something to your PC?", only a small fraction of them actually understand what's going on. To label them all "stupid" only shows that you don't understand who's playing this game or buying PCs. Feel free to point me to the mandatory security class that comes bundled with every Windows PC purchase though, maybe I just clicked "OK" and skipped it.Just to provide some perspective, I'm not your average PC user. I've worked in security for almost 10 years, I have multiple certifications and I'm finishing a masters degree in the field. Despite that, I made one mistake by trusting a few websites and was compromised. I've already said it was my own fault, so no need to point that out. But knowing what I do, there's no way I expect an average user to understand every way their PC might be compromised. The only truly guaranteed protection is to not use the computer at all. So I'm absolutely behind anything that gets authenticators into more players' hands, because they provide security that the user doesn't need to understand. It just works.Now, should it be mandatory? Well that's ultimately up to Blizzard. My suggestion would be to bundle an authenticator with Cataclysm and refuse restoration to any account without one. That would shorten restoration times for players who are actually protecting their accounts, and allow the rest of you who still think you're secure to opt out. Just don't expect much sympathy from your guild when they lose their ICC geared main tank because he thought he was safe.
1-11-2010 @ 3:10PM
@ Joshua OchsSo... I flew across country to visit my family for the holidays. I used my old PC there to play WoW, though during the year I was gone it was used mainly by my young niece. If I had gotten hacked because of something my niece had clicked on, that would make me an idiot? Despite the fact that I had no way of knowing or monitoring her actions online? And despite the fact that she's just a child and not some tech-savvy security expert? I would be an idiot if she (or anyone) got the computer infected by a keylogger that the anti-virus software failed to catch? Or are you insinuating that anti-malware software is infallible? Face it. While there are certainly plenty of people who get hacked for foolish reasons, there are also people who take every precaution and are merely unfortunate enough to get infected either because they are targeted by a new hack that hasn't been caught/anticipated yet, or a brief lapse in judgement. (And, no, a brief lapse in judgement does NOT an idiot make. If that were the case, then there would not be a single person in the world who is not an idiot. We are all prone to mistakes.) I'm sorry we can not all live up to your obvious perfection.
First time? A confirmation email will be sent to you after submitting.
Members enter your username and password.
Enter your AOL or AIM screenname and password.
Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.
When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.
To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.