Patch 5.3 interview with Ghostcrawler
Mystery of the Unborn Val'kyr
The latest patch 5.3 news
All of the latest Mists of Pandaria newsBreakfast Topic: Has your account ever been compromised?
by Andrew Ross 
Apr 19th 2011 at 8:00AM
Account security is a serious matter in Azeroth. If a player's account is ever compromised, it can be a devastating blow. You work hard to reach the level cap, run the dungeons and raids for the gear your character needs and level your chosen professions. Chances are, you also have a fair amount of gold from questing, dailies, and your professions. If hackers gain access to your account, they wreak havoc while inside, stripping your characters of everything they have, taking all your gold, and selling anything of value.
My account has only been hacked into once, but it was more than enough for me to doublecheck my security settings, wipe my hard drive, and buy an authenticator. When my account was hacked, I was beyond devastated. All of the hard work I put into my characters was gone in an instant. Hackers move a lot like a fire.
They move fast, and they leave a wave of destruction in their wake. It took roughly a week to have everything in my account restored to what it was prior to the hacking. This was long before Blizzard streamlined the restoration process for hacked accounts. After it was all said and done, I not only invested in an authenticator but a goblin security system that rivals the bank in Gadgetzan.
Have you ever had your account compromised? How severe was the damage? Did you take any measures to prevent it from happening again?
| Yes | |
|---|---|
| No |
Filed under: Breakfast Topics, Account Security, Guest Posts
Reader Comments (Page 5 of 9)
Sorcha Apr 19th 2011 8:59AM
I was hacked once through a series of unfortunate decisions.
I had a range of passwords and usernames, which I used for different things. I always mixed and matched them so nothing ever shared the same info. I also had a username and password that was completely individual for WoW, not shared by anything else. When I merged my WoW account to battle.net, I originally intended to register with a brand new email, to reinforce that secure state; I decided not to do this because I thought Blizzard might suspect I was trying to merge an account that wasn't mine. So I signed up with the email address already associated with my account, which over time had become my second-string general email address. This meant that I was now using one of my 'general' usernames for WoW. I also took the opportunity to change my password.
Then I decided to sign up for a Wowinsider account. Stupidly, I didn't think enough to realise that I should probably quit using my email address as a sign-up now, so I used it rather than a new one. I decided to come up with a new password for Wowinsider too; why not, since it would be preserving my 'extra security' for WoW-related things and besides, one just popped into my head that was complex but easy for me to remember!
Yeah, it popped into my head because I'd changed my WoW password to it when I merged.
So, through a series of events which I fully recognise I was dumb not to notice, I ended up with identical log-in information for WoW and WoW.com. And then I put my wowinsider info in on an unsecured PC...
Needless to say, when I realised I'd been hacked, I ordered an authenticator, since obviously I wasn't as good at protecting my security as I'd thought.
Mofogo Apr 19th 2011 8:59AM
Yeah my account was hacked. You might say it was a good thing though as weird as that sounds. I got a random email about a year after my time had expired saying that I had been banned for exploiting the economy. So I went through all the steps to get it back which wasn't that hard. The only problem was the emails were getting sent to my spam so a couple times I went up the chain of command b/c I didn't think they were answering me. Ooops.
It made me resubscribe and then I got into a guild that raided and have had a lot of fun since then. They restored all my stuff and even left all the thorium ore for me that the hacker had farmed up. Basically funded my 310% flying as soon as Cata launched. So that was cool :)
Eirik Apr 19th 2011 3:10PM
gmail will still occasionally send authentic blizzard mail to your spam folder. I use Thunderbird as a client, and have to log in to google's web client to pull things out of spam, as spam isn't downloaded to your client. (At least, not with the settings I know about.)
cebova Apr 19th 2011 9:00AM
I returned to wow during the last couple months before cata (vanilla player before then). I leveled a dk to 80 and one day I log to find all of my toons gone and replaced with an army of lvl 1 jibberishly named toons. I was wiped. I started checking on line to see what had happened and was met with a slew of terrile tales and miserable treatment by blizzard. I was just about ot give up but decided to open a ticket and was contacted the next day by a rep . Three days later I was back playing my dk (with a snazzy new iOS authenticator and a core hound pet) no problems since then.
My mistake was answering a 'blizzard email' about account security. I clicked a link on a poorly constructed grammatically abysmal email in a blind panic and allowed them to do just what they said they were ttruing to prevent.
Thanks to blizzard for the great work and I recommend an authenticator to everyone.
magicjamie Apr 19th 2011 9:01AM
Twice here. The second time they actually tried to steal my account for good, which was scary. I got the message and got an authenticator, as well as upgrading my antivirus.
Jason Apr 19th 2011 9:01AM
Once. I was using a weak password I'd used on other sites, so I blame myself. I'm using a much stronger password (that changes periodically) and I got sn authenticator as soon as I could. No problems since then.
I recommend an authenticator to all my guildies and have even gone so far as to offer to buy one for one who said they couldn't afford one (even tho it's only $6).
Randy* Apr 19th 2011 9:01AM
When "The Big Bang Theory" recently did an episode where someone had hacked Sheldon's WoW account (and he called in the police), I was very surprised that he, of all people, did not have an authenticator. Of course, if he had, they wouldn't have had a story. It just seemed so out of character for Sheldon who is always so careful.
doncristobal Apr 19th 2011 9:05AM
For people without an authenticator try this:
Hit capslock
Type your password
Hit enter
TADA ! You're in .. cause blizzard normal authentication procedure FRAKING IGNORES lower/upercase values. Porn sites have more sensible authentication than Blizzard.
So, you wan me to spend 10 euros or what it cost PLUS shiping for what ? For you having a crappy auth procedure.
If i get hack (after 5 years of playing i havent yet) they better give all my stuff back pronto !
dryankem Apr 19th 2011 9:06AM
I was hacked about a year ago. I was playing on about 3 different computers at the time and one of them must of had something. Got my authenticator 2 weeks later.
I had only been playing about 3-4 months so there wasn't much for them to take, in fact the only thing I had lost was a death knight I had just created. The hackers had used the account for spamming gold sites in the trade chat. When I log into that account, I still see that I have 1 char in about 50 realms (even though they are not there anymore), which is a reminder to keep things safe.
Jessica Thompson Apr 19th 2011 9:14AM
I got logged and when I tried to log back in someone put an Authenticator on... yeah I was pretty peed off!
Hillazon Apr 19th 2011 9:16AM
Hill's guide to WoW account security:
1. Use a special email address for all WoW fansites, not the email address you use for battle.net. These websites are much more likely to get hacked than you are. Ever since Curse got hacked by a malicious ad, I've been getting fake emails re: my Blizzard account, but since they're on my WoW-site only email, I know they're fake.
2. Authenticators! The iphone/android one is free.
3. Use an adblocker for every browser you use. Sorry, advertiser-driven websites, but my security trumps your income everytime. Do a better job of screening your ad sources.
4. Use an adblocking proxy. Not every program that communicates with the internet is a browser. For example, the Curse client.
5. Keep your OS up to date, as well as all antivirus software. For windows, Microsoft MSE is pretty good, resource-light, and free. Yes, sometimes Microsoft actually does things right!
6. Hooray for having a mac version of wow!
7. Be careful where you get your addons from. If it's an executable, it's probably fake.
8. On windows, make sure you have the setting that shows all file extensions, not just "known types." This is the most common way of faking things (e.g., horriblevirus.zip.exe)
9. Don't use the password you use for battle.net/wow/blizzard on anything else, and make sure it has some numbers and special characters in it.
10. don't buy gold, leveling, or someone else's account. seriously. just don't do it.
Noyou Apr 19th 2011 12:04PM
I try not to use addons as much as possible for various reasons. I am not as PC savvy as I should be so I will ask to clarify #7 for me and anyone else out there. Executable as in an .Exe file? What else should/can we look for when downloading addons?
Hillazon Apr 19th 2011 12:22PM
Wow addons are simply a folder of text files (written in "lua") that you stick in your addons directory.
There shouldn't be an "installer" or an .exe file.
Name Anon Apr 19th 2011 9:21AM
The email address I use for my WoW account is one that is used only for a few things. Few enough that I don't get much spam on it at all.
Another email address I use had zero spam until until a friend's email account got hacked. (This is how spammers get more email addresses to spam as well as another place to send them from.)
Anyway, one of the reasons I won't use realid is that would be compromising the safety of my battle.net email address - at least based on my experiences.
The funny thing is that somewhere Blizzard recommends you use a different email address for your battle.net account. This basically says don't use realid to me.
LynMars Apr 19th 2011 12:43PM
The only thing the use of the battlenet email does in Real ID is verifies that you're adding that particular battlenet account to your in game friendlist, and that it's actually coming from your battlenet and not someone attempting to get personal info from your friends. Once that's done, the email is never seen, used, or accessible again--only your and the other person's name on the Friend's List.
Real ID is handy for family and close friends. Don't give it to people you only know in game if it worries you, but the privacy on it so far as emails go is pretty decent.
Zerlina Apr 19th 2011 9:21AM
Even before the Authenticator, I've not been hacked. My passwords were never simple, and I change them often. I guess I'm one of the lucky ones.
Miri Apr 19th 2011 9:28AM
Got hacked in BC. I was doing Netherwing dailies with guildies (no raid night) and I saw my alts start signing on. I was able to start kicking characters and my husband was resetting passwords on the accounts as soon as we realized what was going down. The guild got my great reaction of shock, horror, and the the rant that followed in vent as I realized what all they had wiped out. They managed to hit my original WoW account, which didn't have too many high level characters on it, but they wiped out my tailoring and enchanting mats pretty quickly.
It was a godsend that they didn't get my second account, which would have given them free reign over our guild bank and all the raiding supplies in it.
Blizzard was great on helping me restore what I had lost--I sat online on the account until I got a GM response (it was a long night), and we ended up switching to email where I outlined stuff that I remember being in my bags and they took care of the restoration. I think I was settled again within 4 days. Blizzard restored deleted characters, gear, and items from my banks. It was a mess, but they did a great job of cleaning up.
I became a total panic when I had to play the characters on that account shortly thereafter.
Now I have an authenticator (wasn't available then) and I'm very careful about what I do :)
Trisnics Apr 19th 2011 9:29AM
I have been playing with an active account since release (Nov 2004). My account has never been hacked. However, I do have an authenticator. I'm a guild leader and I got one to protect the guild. It was a smart decision and I think that a lot of people who still refuse are just lazy.
I have seen many people who stated "I have never been hacked I am just careful" get hacked weeks after saying that, including one of my officers.
Hillazon Apr 19th 2011 1:09PM
My old raiding guild used to include "do you have an authenticator" as one of the questions on the application.
We got one application on [date] that said "No. I'm careful and won't get hacked. Authenticators are for noobs."
On [date+2]: Application withdrawn; reason: account hacked.
The lols on our message board were EPIC.
Hillazon Apr 19th 2011 9:29AM
Blizzard should put an authenticator in the box.