Patch 5.2 interview with Dave Kosak
Inside an old alt's vault
The latest patch 5.2 news
All of the latest Mists of Pandaria newsBreakfast Topic: Has your account ever been compromised?
by Andrew Ross 
Apr 19th 2011 at 8:00AM
Account security is a serious matter in Azeroth. If a player's account is ever compromised, it can be a devastating blow. You work hard to reach the level cap, run the dungeons and raids for the gear your character needs and level your chosen professions. Chances are, you also have a fair amount of gold from questing, dailies, and your professions. If hackers gain access to your account, they wreak havoc while inside, stripping your characters of everything they have, taking all your gold, and selling anything of value.
My account has only been hacked into once, but it was more than enough for me to doublecheck my security settings, wipe my hard drive, and buy an authenticator. When my account was hacked, I was beyond devastated. All of the hard work I put into my characters was gone in an instant. Hackers move a lot like a fire.
They move fast, and they leave a wave of destruction in their wake. It took roughly a week to have everything in my account restored to what it was prior to the hacking. This was long before Blizzard streamlined the restoration process for hacked accounts. After it was all said and done, I not only invested in an authenticator but a goblin security system that rivals the bank in Gadgetzan.
Have you ever had your account compromised? How severe was the damage? Did you take any measures to prevent it from happening again?
| Yes | |
|---|---|
| No |
Filed under: Breakfast Topics, Account Security, Guest Posts
Reader Comments (Page 9 of 9)
Spark Apr 19th 2011 7:24PM
-----
Bfree380 Apr 19th 2011 2:45PM
Has there actually been a verified incident where someone with an authenticator was legitimately hacked (i.e. no one else had access to the authenticator)??
-----
All attacks that have been reported (but with few confirmations and lots of noise) seem to involve removing the authenticator from the account in some manner. Either the attacker manages to social engineer / con their way to removing the authenticator or they also know enough additional information to "verify" their identity to Customer Service.
With that in mind...
There ARE examples of man-in-the-middle malware discovered in the wild that was designed to go after online banking. There are considerably more complications involved in making this attack successful. However, it has been pursued. It wouldn't be outside the realm of possibility for future token MITM malware to be applied to gaming accounts. And that's likely to come in to play once all the password-only low hanging fruit is plucked clean.
Which doesn't mean that the Authenticator is a waste of time. But it's not a silver bullet.
Dan Apr 19th 2011 2:52PM
I had one time been hacked, that was all it took. I got just about everything back..... except one thing. I'm a pet collector, so imagine my dismay as I was so happy to have my toons back, yet I was missing one single thing. I was missing my 4th anniversary pet, the baby Blizzard bear. I fought tooth and nail trying to get it back, even told them to look at my account which still had the achievement, they said "there is nothing we can do". Needless to say, I bought an authenticator, it replaced a pet, but there is still one missing......
Eirik Apr 19th 2011 2:59PM
One case you didn't mention: http redirection.
That is, the phishing mail includes a link to an authentic blizzard web page - but it is laundered through their server. You might even see the actual blizzard URL in your browser after clicking on the link. But the traffic goes to blizzard via their site, which means they see you enter your password, or your NEW password...
kahlos Apr 19th 2011 3:06PM
My account was hacked once last Summer and Blizzard said to me on the phone that my account was offline, while my guildies on AIM were confirming the location of my Hunter/Warlock PvP'ing and mining. Luckily nothing was missing on my main's and only my lower 70's level Shaman got all his stuffed vendored but I gained tons of Ore in the process. :)
Quidamtyra Apr 19th 2011 3:24PM
I was hacked back in BC before authenticators were available. I didn't go to a dodgy website or anything, it was an addon through curse that contained the virus. My main character was transferred off realm, and all my characters were sitting dead outside Shadow Labs with every bit of gear broken. I had to pick pocket my way to repair my weapons to kill things to repair everything else. The bastard even made a character on both realms named Haha (with spelling variations).
Since then I've pressed the greatness of authenticators to many-a-guild mates and friends, yet some still refuse to get one. The - sadly - funniest one so far has been "I don't need an authenticator, I'm not a retard." Then get spammed with him logging on and off and asking what's going on when he gets 5 seconds online. We told him on vent that he was being hacked.
And yet, people still refuse to get authenticators, even with the free versions for phones. We still have people getting hacked in my guild, and a couple of them had the hackers put authenticators on their accounts. Irony at it's best.
nymrohd Apr 19th 2011 3:52PM
I got hacked during WLK. Could not play for a day. When I got my account back and got item retrieval I made a ridiculous amount of gold since I had a massive stock of items on my bank and retrieval got my multiple times those back (plus it was right when ToC had launched and I suddenly found myself with two stacks of crusader orbs).
mozzarrella Apr 19th 2011 4:11PM
Twice, one time when I was on vacation and I logged into my account on the Blizzard site to make sure I canceled my sub for the time I was going to be gone, two days later I get an (authentic) email from Blizzard saying my account is being investigated for conduct violating the EULA. So after all the times I got in trouble as a kid for looking at porn and "making all our confidential data right out in the open for the haxorz" turns out my mom has been the cause of the trouble all along >.<
Also, recently, I tried to log in after about a day and kept getting kicked off the server immediately so I went on my account page, changed my password, logged in and found some generous hacker had raised my Mining skill from 24 to 425 :D
mozzarrella Apr 19th 2011 4:12PM
edit* logged in to the Blizzard site from my mom's personal computer*
Robert Apr 19th 2011 4:36PM
May this be a cautionary tale to those who think that having an authenticator is perfect security.
My account with an authenticator got hacked just over a year ago. I logged in on my brothers PC and a keylogger picked up my email address and password. I foolishly used my primary email address (gmail) as my wow account and the passwords were the same. My secret question was even the same! (What a fool I was!)
The hackers were able to gain control of my gmail account, then contact Blizzard and convince them that my authenticator had died. The authenticator was removed from my account, and from there the hackers had free reign of my account.
Since then I have taken a few security precautions. First off, If I lose my password I'm screwed, since the answers to my security questions are always something like "dasfasdweqrhnrisbaq" or "If you don't remember this you are rightly screwed..."
I paid for a domain registration and setup an email address under my own domain name which I've used for my Battle.net account, so there is some security by obscurity. The email address is also ONLY used for WoW and nothing else.
MrDrew Apr 19th 2011 4:45PM
Before authenticators when BC had just come out my account had been compromised 2 nights in a row >.<
After talking to customer service and getting a solid anti spy/adware program I didn't have any issues ever again, then they came out with authenticators and I bought 2 right off the bat.
Steffan Apr 19th 2011 5:44PM
I've only been hacked once, and man, I was freaking the HELL out over it (kinda stupid of me, in retrospect). Anyway, I tried to log on, no dice. Checked WoW-heroes, and my mage had been stripped to the skivvies. Called Blizz, emailed Blizz, telegraphed Blizz, and got my stuff back in bout a week. After that, I made a new email for WoW exclusively and changed my passwords.
John Apr 19th 2011 7:15PM
Exactly what I'm saying. If you received a random e-mail saying that your password was changed, and you clicked the link it gave, that was probably what caused your account to get hacked.
Titan Apr 19th 2011 7:59PM
I was hacked back in June of Last year. All my Death Knights gear/gold..gone. Even stuff from my assorted lowbies was taken. Login one night in Dalaran, to find all my gear/gold taken and my bank cleared out as well. jump back and forth between my other toons and anything worth some gold is gone. Put in a ticket thru the ingame help service system, waited for about 2 weeks(give or take a few days), and got all my stuff back.
One plus that came out of all this was I was able to buy my Epic Flying with the gold i was returned.
Got The Authenticator a few weeks later, and havent looked back.
To Anyone on the fence about getting one: GET IT. The peace of mind is totally worth it.
Lemons Apr 19th 2011 9:31PM
Nope, and for most of my account's life I didn't have an authenticator (although I do now). I chalk it up to using strong passwords, scanning regularly, and having nothing of value. then I saw a friend get hacked and that was enough for me. I was like "well if he can get hacked then I can get hacked too!" So I bought an authenticator that very same day and I really like the piece of mind it gives me, even tho it is a tad annoying having to type in a number every single time I log in, it's 100% worth it!
dmberreth Apr 20th 2011 2:25AM
I've been using good security software since before I started playing WoW. Been active in many other MMOs before this, as well. Part of keeping yourself safe is being careful. I've run Avast's Free home AV for years, as well as Spybot Search and Destroy, and in the past year picked up Malware Bytes on recommendation of a friend who works in Blizzard CS/Account recovery.
That aside - my accounts still have an authenticator, and I wouldn't think of not doing it for any additional accounts. $6 without a capable mobile authenticator phone - Free with? For the peace of mind alone, there is hardly a better deal.
On a fun side note: I was one of the winners of the Twitter contest a while back for a free authenticator. Can't beat that.
Kaelendra Apr 20th 2011 4:33AM
My wow account has never been hacked... i do use an authenticator via my iPhone (shipping to Canada's ridiculous); but, my rift account has been hacked.
datgrl Apr 20th 2011 11:54AM
They tried to hack it when a member of my guild was hacked. Having an authenticator prevented it. Other good things to do - don't 'auto download', manual download. Change your password every 3-4 months. And don't give out your login to anyone. Create a unique email account you use for your WOW login, only.
Prelious Apr 20th 2011 12:21PM
Voted No! Thanks to working in a DoD environment, Sec +, CISSP, 15 char password(s), Dedicated Blizz e-mail..oh and enrolled to start Certified Ethical Hacker (CEH) training later this year (Sun Tzu had it right).
Authenticator ftw!