Breakfast Topic: Has your account ever been compromised?
by Andrew Ross 
Apr 19th 2011 at 8:00AM
Account security is a serious matter in Azeroth. If a player's account is ever compromised, it can be a devastating blow. You work hard to reach the level cap, run the dungeons and raids for the gear your character needs and level your chosen professions. Chances are, you also have a fair amount of gold from questing, dailies, and your professions. If hackers gain access to your account, they wreak havoc while inside, stripping your characters of everything they have, taking all your gold, and selling anything of value.
My account has only been hacked into once, but it was more than enough for me to doublecheck my security settings, wipe my hard drive, and buy an authenticator. When my account was hacked, I was beyond devastated. All of the hard work I put into my characters was gone in an instant. Hackers move a lot like a fire.
They move fast, and they leave a wave of destruction in their wake. It took roughly a week to have everything in my account restored to what it was prior to the hacking. This was long before Blizzard streamlined the restoration process for hacked accounts. After it was all said and done, I not only invested in an authenticator but a goblin security system that rivals the bank in Gadgetzan.
Have you ever had your account compromised? How severe was the damage? Did you take any measures to prevent it from happening again?
| Yes | |
|---|---|
| No |
Filed under: Breakfast Topics, Account Security, Guest Posts
Reader Comments (Page 1 of 9)
Roy Apr 19th 2011 8:17AM
What are you talking about? They update definitions for MSE all the time - at least once a day, which is how often I update.
MusedMoose Apr 19th 2011 8:18AM
Seconding the kudos to Blizzard for their attention to accounts. Last week, my cable modem broke, so obviously I couldn't play WoW. When I logged back in after three days, it was early in the morning, just to check mail; I usually only play in the evenings. To my complete surprise (and some initial panic), I got a message when I tried to log in saying that they'd detected a change in my login patterns, and I had to go change my password.
I have to admire Blizzard for putting a system in place that recognized me logging in at a different time, after *not* logging in for several days, and concluded that it could mean I'd been hacked. Kind of amazed me after I stopped to think about it. ^_^
MusedMoose Apr 19th 2011 8:20AM
Seconding what Roy said. Every time I open up MSSE, I see that it updated itself either the previous day or earlier that same day. Not sure what your update standards are, Pew, but if at least once a day isn't good enough for you... @_@
joff_graham Apr 19th 2011 8:21AM
No, definitely no kudos for that. I was locked out of my account SIX times this weekend because of this 'security' measure, and two of those times were consecutive lockouts - where I was locked out immediately after being forced to change my password.
It's driving me absolutely mental, and if anyone can help me figure out how to turn it off, I would be hugely grateful! My housemate, who's been having a break from WoW, recently decided to re-sign and give it another go - only to find the same lockout triggered from some unknown cause. That was the end of his return.
(Otherwise - mobile authenticator is the best dollar you'll ever spend. Just do it. No excuse not to have it)
Raginghobo Apr 19th 2011 9:09AM
I think its a great prevention tool, I never noticed this feature till I logged in overseas. I could understand if you wanted to turn it off, did you contact blizzard about it?
Bonemeal Apr 19th 2011 11:59AM
Yeah, no kudos from me either. Logging in at work (graveyard) , where I'd been logging in at least to check my auctions every weekend for several months, got me this stupid message. Reset my password 3 times before I gave up, their system is a great idea implemented poorly. Especially since not only was I blocked from the same IP and at the same time as was regular, I WASN'T blocked when I logged in at an odd time when I went on vacation over a hundred miles from home.
Levi Apr 19th 2011 12:06PM
I think they changed something this week. I had the same thing happen - I usually only log in @ home. Went to my inlaws 60 miles away, tried to log in and was locked out for "a change in log in activity". I changed my PW immediately as requested, and was locked out again. I'm a bit torn though - thanks for protecting my account, but come on - I pay to play, I want to play when/where I want. I understand if they saw a log in from Seattle/China/UK when I live in upstate NY, but not some place easily reached physically by me. I actually had to have a conversation w/ my father-in-law for frak's sake! Thanks Blizz (j/k kinda)
Elektrokoch Apr 19th 2011 8:04AM
Never.
But storys of guildies beeing hacked made me use an authenticator.
Brozarius Apr 19th 2011 9:14AM
Same here ...
And since the authenticator app on the iPhone is free and you get a nice little Corehound Pup ... there is no reason not to get that extra safety!
Canth Apr 19th 2011 9:26AM
My son's account got hacked yesterday. We noticed him online while he was at a friend's house, his char was unresponsive to guild-chat and whispers. We logged into his account, but were immediately kicked back out.
So I changed his password, we logged in, and found his char in Hyjal, with his bags practically full of herbs. (and all his gear still on him). So we said thank you to the gods of chinese herb farmers, and are now trying to figure out how we can get them to bot-farm some more herbs for us ;)
I have no idea why they didn't loot the guildbank (tons of herbs, gold, ore, etc) but I am not complaining. We're going to format his laptop this weekend and see about getting him an authenticator so we can prevent this in the future.
Jhestor Apr 19th 2011 9:30AM
My worst day ever was being hacked despite using an authenticator... compromised via curse's auto-update utility.
Oh well :-(
renork Apr 19th 2011 10:21AM
I don't know how you were compromised jhestor but it wasn't curse's autoupdater. More likely it was on a webpage you visited and you didn't even realize it at the time.
Ice Apr 19th 2011 10:24AM
I havent been personally and I use authenticator nowdays but heres story of my old guild:
We HAD to register to guild website, for forums and stuff like that. No problems there I thought, "good to keep contact to".
That was about 3 years ago at start of wrath before battle net merges etc.
But sadly and bit rudely I have to say, our guild master was little blue-eyed, "bad with computers" and just foolish as was most of the guildies. Nice people, not that bright..
So why I'm telling this? Well it happens that our guild master was not so clever or responsible, so he one day got his account hacked after clicking links on their email..
It didnt take long until the keyloggers found out that he was guild leader and had website to run with EVERYONES email..
So that means that everyone in the guild started getting phishing emails because naturally they all used same email as wow account.. (before battle net merge so they werent that careful). I was wondering how the heck my other email started getting phishing emails from wow, I mean how in the world would they know THAT address because I used another? Well some digging found out that oh yeah, I used that to register to old guilds website..
So in the end 6 out of 14 guildies got hacked. Yep.. like I said, nice people but not that bright. It goes without saying but if you havent already, go change your email address off from any wow related site to something else than battle net one!
I'm still utterly bitter how irresponsible the guy is, he is guild leader after all!
I'm STILL getting spam email from him and hes computer must be filled with keyloggers (example everytime you talked to the guy thro msn you would get advertise to shady sites) after repeatedly saying to clean up the computer but "its fine I dont feel anything besides who cares its not like I have anything to hide on my websites". Seriously..?
tatsumasa Apr 19th 2011 1:43PM
no but i've had about a thousand emails saying it was from 'blizzard' (or bl1zzard or blizzord) wanting me to verify my account at a different website each time and threatening me that my account will be banned forever if i don't... what's interesting is that i've never used that email for anything except my wow account (and i run avg regularly) so the only way the would-be hackers could have got my email was from blizzard.
Eirik Apr 19th 2011 2:05PM
@renork: hate to burst your bubble, but there was indeed an episode where the Curse auto-updater was implicated in a compromise issue. I do not know if it was specifically the auto-updater itself, the installer for the auto-updater, or the installer for one of the addons being updated. But I do remember those tales, although "verily, I did not witness it myself".
Izzy Apr 19th 2011 4:37PM
@Eirik anecdotal third-hand stories are not proof. I have heard the same stories but no one has ever come forward with any proof it ever happened, just stories. Like Bigfoot, I doubt it ever happened.
It was a rumor most likely started by jerks that didn't like Curse charging for premium services. I've had the Curse client since beta and premium service since it was offered and my account (with authenticator) has never been hacked.
Austin Apr 20th 2011 11:00AM
@Izzy: It happened to me back in early 2006, and on an email and computer that I only used with WoW and Curse. These stories don't come from nowhere, man.
MusedMoose Apr 19th 2011 8:04AM
I have an authenticator, picked one up even though I haven't been hacked. I figured that spending six bucks was a hell of a lot better than dealing with everything that comes with being hacked. @_@
I also run Microsoft Security Essentials, a free antivirus/antimalware that a friend of mine who's a real computer guru recommended. It's worked out very well for me and isn't a resource hog; I'd highly recommend it.
Xylaria Apr 19th 2011 8:10AM
MSE's definitely one of the best AV/Anti-malware pieces of software on the market. I'll second the recommendation, if you don't use it, you should.
And yeah, I second the authenticator thing too. Never was hacked myself, but after seeing several people I know get hacked, I decided it was worth the $6.
Noyou Apr 19th 2011 10:47AM
Seconded on MsE. Although I had been using AVG for years and never seemed to have a problem. I made the switch after reading about it from users on here actually. Did some research and asked around. It's been great so far. I also use Firefox for web browsing. Another thing I did was a while back changed my email for battlenet to a totally new and exclusive account just for them. I would also recommend any time you enter an important password (or use a credit card) I would wipe cookies and delete temp files. Yes I am paranoid but no I haven't been hacked. (knock on wood!)