9-22-2010 @ 3:05PM
Sounds great. Waiting for the better part of a week to get your account back is not fun. Realizing all your stuff isn't recovered afterward makes it worse. How do they prevent keyloggers from getting this info and resetting your account again after you reset it? I hope they have a series of challenge questions (random?) like banks or something.
9-22-2010 @ 3:14PM
That's why the steps show scanning your system BEFORE you go to recover the account. Most just skip over that and get hacked again.
9-22-2010 @ 3:17PM
Come to think of it, why exactly can't operating system designers simply write their code to not allow any third-party script that records keystrokes?....
9-22-2010 @ 3:21PM
Because keyloggers are legal. Many companies use them to make sure employees aren't misusing company time, or just a way to keep tabs on them.
9-22-2010 @ 3:22PM
How would you regulate the difference between a keylogger or a Word Processor then?
9-22-2010 @ 4:35PM
9-22-2010 @ 5:11PM
OK fine, *records AND transmits* keystrokes. I just can't shake the feeling that operating system designers could easily solve this problem. Not saying they deserve the blame for it, they clearly didn't create the problem, but they're in the optimal position to do something about it, if only they had some motivation to do so.
9-22-2010 @ 5:37PM
-----Grovinofdarkhour Sep 22nd 2010 5:11PM: OK fine, *records AND transmits* keystrokes.-----
You mean like WoW does? If this were a trivial issue to deal with, it'd be handled in the OS by now. Even if it wasn't, various anti-malware / anti-spyware suites would have the issue all sewn up. They've got keylogger detection in their products now but you're going to get false positives.
9-22-2010 @ 5:39PM
"Hackers are, after all, a combination of ninja and fly." lol... but seriously, the advice isn't that bad. "Hackers" can be coworkers that can have widely varying levels of gruntledness. The person you fully expect to be walking by and even stopping in the doorway to chat with you needs no ninja skills...
9-22-2010 @ 6:01PM
This week I got an email from Blizzard (legitimate) saying the password on my old account had been changed. This account has been non-paid for at least 3 months (without me even trying to log into it). I go to the account and yes - password is changed. The account has an authenticator on it, my computer has no malware or viruses. Even my wife doesn't know the password. I did the automated recovery which worked fine. When I got back into the account only the password had been changed. The authenticator was still on the account. My question is this - how was this account compromised?
9-22-2010 @ 6:47PM
Rimar - A lot of accounts are 'brute forced' these days. Even if your system is clean (check with more than one spybot/virus program to be sure!) hackers with a lot of time on their hands can pick random emails and run programs that brute force the password, i.e., they took a lot of wild guesses. AFAIK, WoW does not have a 'you cannot log in for X amount of time due to failed passwords' feature that a lot of banks and the like have, so they just keep guessing. Programs can do this super fast, without any human input. This is commonly how free web emails get hacked into for spammers, too.
9-22-2010 @ 8:41PM
Kudos to Blizzard for coming up with this system. Hopefully, it will lead to quicker and less painful recoveries for those affected, and it should help lessen the phone queues for Billing & Accounts Services. The only possible problem I can see is if the user still has some compromise on their machine and they proceed in filling out the details requested from this form - you may be potentially passing along secure information to the keyloggers. I would recommend that people complete these forms from another machine, one that is not compromised, just to help eliminate that possibility.