Posts with tag Hacked
In addition to the security question update, players may now also update their Mobile Authenticators as well. Please note, this is only in regards to North American accounts; players in Europe need to do neither of these things. And remember, if you are a North American player and have not changed the password on your account, doing so is an excellent idea.
The full post is below.
Account security is a serious matter in Azeroth. If a player's account is ever compromised, it can be a devastating blow. You work hard to reach the level cap, run the dungeons and raids for the gear your character needs and level your chosen professions. Chances are, you also have a fair amount of gold from questing, dailies, and your professions. If hackers gain access to your account, they wreak havoc while inside, stripping your characters of everything they have, taking all your gold, and selling anything of value.
My account has only been hacked into once, but it was more than enough for me to doublecheck my security settings, wipe my hard drive, and buy an authenticator. When my account was hacked, I was beyond devastated. All of the hard work I put into my characters was gone in an instant. Hackers move a lot like a fire.
Important note: The following guide assumes that you have not put an Authenticator on your account. There are no confirmed cases of accounts being stolen if they are protected by an Authenticator.
While there is some truth in the premises offered, articles like this one only serve to fuel conspiracy rumors and encourage players to think of themselves as victims rather than take responsibility for their own account security.
Gaming companies do place some of the blame for a compromised account on the account holder, and for good reason. The hacker certainly didn't gain access to your computer because of their actions, and their computers that store your information are as yet untouchable.
The browsers you use, sites you visit, firewall settings, anti-virus software and update practices are just a few of the ways that you contribute to your own hacking experience.
Sharing your account information with your lover, best friend and mother may sound safe, but you don't control the security of their computers, or their friends' computers. The majority of people I know who have been hacked signed into their accounts on their sibling's computer or a publically shared machine.
In fact, NASA ended up with a keylogger targeted at gamers on the International Space Station. It traveled aboard on the laptop of one of the astronauts. You just can't trust any computer that isn't your own.
It may be hard to hear, but a hacked account is because of something you did, whether it was an unfortunate stroke of luck, such as stumbling onto a redirect on a legitimate website in the small window before the site addresses it, or a serious oversight in security on your part.
At the time we published that first story (which was later disputed by a customer support representative), Blizzard contacted us here at WoW Insider, offering to clear up players' concerns about the new keys. We quickly submitted to them a few questions pulled from our own writers and a few submitted by readers, and they've now returned the answers to us -- you can find Blizzard's answers to our questions about the Authenticator after the break. Thanks to Blizzard for answering our questions about how these keys work, and clarifying some of the issues around their security.
Most people agree on that. Where opinions differ are in how the account was hacked -- originally, we and a few other sources speculated that the Authenticator had been somehow removed from the account in question. But now Belfaire has responded (we believe to the incident in question, though a link to our story was removed from the original post), and says that as far as he can tell, the Authenticator was not removed from the account. In fact, after the password was changed back, the Authenticator's serial key was asked for and given, so the Authenticator remained attached to the account the whole time.
Of course, that just leaves the most important question: how did the account get hacked? We've heard all kinds of various insights as to how the Authenticator works (it only lasts for 60 seconds, supposedly each key can only be used once, so there's no way a keylogger could nab the Authenticator code and reuse it), but the fact remains that the person we're talking about was using the key, and still got hacked. One hack out of all the Authenticators sold so far is a terrific record, and could prove that, statistically, an Authenticator is good as 100% security. But the fact remains that this person got hacked while using the key (however it was done), and if security can be broken once, it will be broken again.
Think a Blizzard Authenticator will keep your account from being hacked? Think again -- we've got our first known report of someone who was protecting their account with one of Blizzard's keys, and still got their character hacked down to their undies. Someone in this forum thread apparently logged out one night and logged on the next morning to find her account stripped of everything but PvP gear, and her Authenticator no longer connected to her account.
Supposedly, to deactivate an Authenticator from an account, you need to get in touch with Billing services, and reportedly they'll then ask for a notarized statement with a picture, like a driver's license, just to remove the Authenticator. But obviously, this one was removed even without that, and we're being told that all you might need to remove the Authenticator is the answer to the user's secret question and a CD key (or even less). In other words, the fault isn't with the technology, it seems to be with the support reps on Blizzard's side of the phone line -- if they can be convinced to remove the Authenticator, the account can then be hacked.
The little keys have been selling like hotcakes since they were released -- almost everyone has figured that $6.50 was cheap for peace of mind. But while an Authenticator still does provide an extra step in security, the sad truth is that it hardly makes an account impermeable.
The worst part of the keylogging episode was that my Shaman was transferred from a PvP to PvE server. After about a week in limbo my beloved Tauren was returned to her proper place. I was extremely relieved. Unfortunately that's the only thing on my account that Blizzard was kind enough to restore. They refused to return any of my gear or gold and did nothing about the items ninjaed from the guild bank. I appealed their decision with several emails. Those appeals were ubiquitously denied despite logical arguments and heart-filled plights. I thought it was all over, for better or for worse.
I got more bad news in my email box the other day:
- We chatted about Amanda's hacked characters, and what a little name-dropping will get you from Blizzard (not much)
- We confronted whether all this new badge loot makes raiding worthless (surprise -- we decided it does not)
- We talked about all the new class changes on the PTR, with a special look at Shamans, and the Warlock change to Lifetap.
- We ran over what Rob Pardo said during the GDC Liveblog
- And finally, we wondered just what kind of player it takes to PuG with Adam