Posts with tag Hacking

The Heartbleed bug and its effect (or lack thereof) on Battle.net

The Heartbleed bug, as it's been dubbed, is certainly hot news lately, with various sites being impacted and password reset advice abounding. But Blizzard has some good news: Battle.net was unaffected. However, the advice is to change your password if you used the same one elsewhere.

This is especially true if you're using the same email and password combination as you use for your Battle.net account on other sites. A big way that players get hacked, especially those without authenticators, is that their guild forums get hacked, or their email gets hacked, or their Facebook. Once those username and password combinations are known, it's possible for hackers to try them in various different places, one of which might be your Battle.net account. So be careful, mix up your passwords, and in light of these recent security issues, consider changing your passwords.

It's also a good idea, again as a general rule, to get into the habit of changing your passwords fairly regularly, for everything. So now might be a great time to start, even though Battle.net is unaffected by the recent issues. Hit the break for Blizzard's full post.

Read more →

Filed under: News items, Account Security

Safeguard yourself against WeakAuras gold exploit

The incredibly versatile and popular addon WeakAuras has been subject to a completely bizarre exploit lately, as Blizzard Customer Support Representative Vrakthris posted on the forums. The exploit worked by getting malicious code to run, disguised as a helpful link shared by ill-intentioned players.

The good news is that this is really easily fixed. The author of WeakAuras stepped in within hours of hearing about this with a modification to the code. Before performing either of these steps it's worth creating a backup copy of your Interface and WTF folders so that if something does go wrong you don't lose all your auras.

If you use the Curse client, all you need to do is uninstall WeakAuras, and install WeakAuras 2. Ensure that when you uninstall WeakAuras you uncheck the box that removes your in-game variables, and you're done. If you want to do it manually, head over to the download page, download it and merge the folders.

Simply log into the game and load up WeakAuras with the same commands as before, and you're done. Also, while this is fixed, a good general rule for WoW and the rest of the internet is this: don't click links from strangers.

Filed under: Add-Ons, Account Security

Blizzard confirms WoW account hacks, issues warning on security

WoW Insider reported on this over the weekend, and Blizzard has now confirmed that there has been a security issue with the Mobile Auction House.

Blizzard Entertainment
There's been a recent increase in unauthorized World of Warcraft account-logins via our website and the World of Warcraft mobile armory app.

We're in the process of notifying any account holders who were not using an authenticator and whose account showed signs of unauthorized access (e.g., logging in from an unusual IP address). If you are among this group, you will receive an email describing how to reset your account.

As a result of these activities, access to the World of Warcraft auction house via the mobile app has been taken off-line temporarily. Upon request, our customer support team will restore in-game items and gold for any accounts impacted.

While no means of account security is guaranteed, every precaution you take to secure your computer and your account -- including changing your password periodically -- adds another defensive barrier. We strongly encourage everyone to take a few moments to read through the security tips available on our support website and follow the suggestions posted there.

As we mentioned in the original article, a GM had recommended the addition of SMS Protect to further secure accounts, and using unique passwords for your battle.net account. Also, running virus scans, keylogger scans, and malware scans is an excellent practice.

Filed under: Account Security

North American players may now update their security questions

As an update to the security breach last week, players on North American realms will now be prompted to change their security question and answer when logging in to their Battle.net accounts. The security breach included no financial information; however, answers to personal security questions were compromised, as well as some information related to Mobile Authenticators.

In addition to the security question update, players may now update their Mobile Authenticators as well. Please note, this is only in regards to North American accounts; players in Europe need to do neither of these things. And remember, if you are a North American player and have not changed the password on your account, doing so is an excellent idea.


Nethaera
As a precaution following our recent security update, players on North American servers please take a moment to visit Battle.net account management, where you will be prompted to change your security question as well as update your Mobile Authenticator. There you'll also find helpful tips and an FAQ, as well as instructions on how to add additional layers of security to your account, including the Battle.net Authenticator or the Mobile Authenticator for those that aren't already using one.

Filed under: News items, Account Security

Blizzard security breach, no evidence that financial data was compromised

Mike Morhaime, the president of Blizzard Entertainment, reported today in a blog post on the official Blizzard website that a list of email addresses for Battle.net users, answers to security questions, and information relating to the Mobile and Dial-in Authenticator program were illegally accessed by outsiders. The security hole has been closed, but Blizzard is officially recommending that all Battle.net users change their passwords immediately. In the coming days, players will be prompted to automatically change their security questions and update their mobile authenticator software. A FAQ is available here.

The full post is below.

Mike Morhaime
Players and Friends,

Even when you are in the business of fun, not every week ends up being fun. This week, our security team found an unauthorized and illegal access into our internal network here at Blizzard. We quickly took steps to close off this access and began working with law enforcement and security experts to investigate what happened.

At this time, we've found no evidence that financial information such as credit cards, billing addresses, or real names were compromised. Our investigation is ongoing, but so far nothing suggests that these pieces of information have been accessed.

Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.

We also know that cryptographically scrambled versions of Battle.net passwords (not actual passwords) for players on North American servers were taken. We use Secure Remote Password protocol (SRP) to protect these passwords, which is designed to make it extremely difficult to extract the actual password, and also means that each password would have to be deciphered individually. As a precaution, however, we recommend that players on North American servers change their password. Please click this link to change your password. Moreover, if you have used the same or similar passwords for other purposes, you may want to consider changing those passwords as well.

In the coming days, we'll be prompting players on North American servers to change their secret questions and answers through an automated process. Additionally, we'll prompt mobile authenticator users to update their authenticator software. As a reminder, phishing emails will ask you for password or login information. Blizzard Entertainment emails will never ask for your password. We deeply regret the inconvenience to all of you and understand you may have questions. Please find additional information here.

We take the security of your personal information very seriously, and we are truly sorry that this has happened.

Sincerely,
Mike Morhaime

Filed under: News items, Account Security

The day Fox's account got hacked -- and how you can learn from his mistakes

Ladies and gentlemen, hello. My name is Fox Van Allen. I've been playing World of Warcraft for nearly four years. And despite all I know and all my warnings I've given you, the reader, it still happened. Last week, I, Fox Van Allen, had my account hacked.

The first question I'm inevitably asked is, "You? What excuse do you have to not have an authenticator?" Well, truth is, I do have an authenticator. I use my iPhone. But one day a few weeks ago, that ever-changing number display just somehow fell out of sync with what WoW was expecting me to enter. Trying to re-sync did nothing. To get back into my account, I had to have the folks at Blizzard take my authenticator off the account.

And that's how it happened. I foolishly forgot to reattach it right away -- I really haven't played a heck of a lot of World of Warcraft on account of my move to Los Angeles. It just wasn't on my mental list of things to do. And wouldn't you know it, barely a week after I had my authenticator disconnected from my account, I started getting emails from Blizzard. Not the usual spam, but legit receipts. Receipts for $105 worth of server transfers and faction changes that I didn't authorize.

That's when the pit of my stomach gave way. I knew immediately the emails were legit. And if the emails were legit, then I had to have been hacked. It's one of the worst feelings in the world.

Read more →

Filed under: News items, Account Security

You cannot get hacked by playing public games in Diablo 3

After years of keyloggers and trojans from unsafe browsing, unsecured computers, or just plain bad luck, WoW players should be pretty used to the concept of a compromised account and how said compromises happen. Unfortunately, Diablo III players don't appear to be as familiar with them, which has resulted in some pretty maddening discourse on the official forums and across the internet.

Just like WoW accounts, Diablo III accounts are worth real money. Blizzard has had experience dealing with compromised accounts for years. This is why it introduced the Battle.net Authenticator, a second level of security that makes it very, very difficult to get your account compromised. Authenticators don't make it impossible to get your account compromised, but they do make compromising your account much more trouble than it's worth in the face of mass keylogging, which is how accounts are normally stolen.

Some people who haven't had a WoW account before but bought Diablo III were undoubtedly surprised when their accounts were compromised, which is understandable. An editor at Eurogamer had his account hacked and responded with an article suggesting that players were getting their sessions hijacked by joining public games and that people were getting compromised with this method even with authenticators attached to their account. Unfortunately, sites all over the internet picked up the story and also reported the session hijacks and bypassed authenticators as fact.

The problem is that neither of those things was correct. In fact, Blizzard says it's actually impossible to do with Diablo III due to the way the infrastructure is set up.

Read more →

Filed under: Blizzard, Account Security, Diablo 3

Hacker groups tried to take down WoW ... and failed

Given the recent hacking of major companies, could WoW be hacked? In an article posted today at Digital Spy, Lead Game Designer Tom Chilton replies that attempts have been made recently, but Blizzard came through unharmed.

While the question and answer doesn't specifically say LulzSec or Anonymous, I think it's safe to assume LulzSec is the group in question, given the recent high-profile attacks on U.S. government sites and other MMOs, like EVE Online.

Most of LulzSec's work has been focused on DDoS attacks and breaking into servers to create "lulz." During their most recent spree, rumors abounded that WoW was a target; however, nothing came of it. It would now appear nothing came of it thanks to Blizzard's security measures.

Tom Chilton
Several major gaming studios have fallen victim to hackers of late. What measures are Blizzard taking to ensure that WoW is not hit?

We have always tried to be as diligent as we possibly can when it comes to security. Certainly when hacking was going on with other companies recently there were numerous attempts against ourselves also. Fortunately, our security was good enough, so we didn't lose data or anything like that.

We always put a high priority on security, but that's not to say you can ever be impregnable. We're not resting on our laurels saying 'they can't get us'. It's always a possibility, and we take it very seriously, but so far, so good.


Filed under: Blizzard, News items, Account Security

Breakfast Topic: Has your account ever been compromised?

This Breakfast Topic has been brought to you by Seed, the AOL guest writer program that brings your words to WoW Insider's pages.

Account security is a serious matter in Azeroth. If a player's account is ever compromised, it can be a devastating blow. You work hard to reach the level cap, run the dungeons and raids for the gear your character needs and level your chosen professions. Chances are, you also have a fair amount of gold from questing, dailies, and your professions. If hackers gain access to your account, they wreak havoc while inside, stripping your characters of everything they have, taking all your gold, and selling anything of value.

My account has only been hacked into once, but it was more than enough for me to double-check my security settings, wipe my hard drive, and buy an authenticator. When my account was hacked, I was beyond devastated. All of the hard work I put into my characters was gone in an instant. Hackers move a lot like a fire.

Read more →

Filed under: Breakfast Topics, Account Security, Guest Posts

Breakfast Topic: What made you decide to get an authenticator?

This Breakfast Topic has been brought to you by Seed, the Aol guest writer program that brings your words to WoW Insider's pages.

Once again, Blizzard is encouraging its players to use authenticators to protect their Battle.net accounts. In addition to the incentive of a lovable Core Hound Pup pet provided to all World of Warcraft characters on an account that has an authenticator attached, there is now a contest going on to win an iPad for your best Core Hound Pup screenshot, and we've even received reports that free authenticators are being offered to owners of accounts that have previously been compromised. Still, incentives alone aren't enough for some players. Sometimes it takes an incident to drive the point home.

For me, it was a hacking scare involving my girlfriend's account. We had just resubbed to WoW in preparation for Cataclysm and were having a blast when she got a notification from Blizzard that her account had been locked due to an unauthorized break-in. Nothing was gone, no items destroyed, no gibberish-named level 1s created, but she did have to change her password and verify to Blizzard that she was still herself. She was playing on a Mac, used Adblock and had disabled Flash on her browser, and she only visited a handful of websites on a daily basis, all very innocuous places like Gmail and WoW Insider. We figured it was an isolated incident, but just to make sure, she wiped her hard drive and reinstalled WoW. Then, a week later, it happened again. I couldn't believe it, and I still don't know how or why she was targeted, but I ordered our authenticators the very next day. We haven't had a problem since.

What convinced you to get an authenticator? Was it a contest, a promotion by Blizzard, or a hacking scare? If you don't have an authenticator yet, what's holding you back?

Blizzard announces automated account recovery form for hacked accounts


World of Warcraft accounts have been under siege for years, with hackers and gold-selling outlets stealing passwords, items and more to fill their coffers, selling that gold to unwitting buyers. Blizzard has fought back incessantly over the years to stem the tide of gold farming and account hacking, and as you can imagine, the scale at which this happens is very taxing on its customer support department.

Blizzard has just announced a new, speedier way to get help and answers about your hacked account, stolen items, authenticator issues and more! Now, under the new system, you will not have to email or call Blizzard to get these matters into its queue -- simply use the Account Recovery Form.

Read more →

Filed under: News items, Account Security

Breakfast Topic: Hacked off by hackers

This Breakfast Topic has been brought to you by Seed, the Aol guest writer program that brings your words to WoW.com.

Hacked! It is not fun, and it happens more than anyone would like to admit. Gear, gold and pride, all pilfered by some stranger.

It starts with a simple email from Blizzard. Hmmm, it's my first-ever email from Blizzard that causes immediate concern. It says that my account has been "banned and deleted" for buying or selling in-game gold for profit. I stare at it in shock for a minute ... Is this a joke? My heart starts racing. I run back to my office computer to figure out what to do, and my head starts spinning in confusion. My immediate emotional response catches me off guard ... My head starts to pound. All that work, all that time, all the friends ... just gone ...

And then the high-level anger sets in, as logic begins to prevail. Wait, I never bought gold. I never even considered it! What is going on? I jump online and write an appeal with blazing speed, fueled by my troll rage. In retrospect, this was not exactly the smartest move and probably served to delay my account restoration. I recall that it read something like this ...

Read more →

Filed under: Breakfast Topics, Account Security, Guest Posts

New scam tries to give you a free Celestial Steed

One of the sadder parts of this job is reporting on the numerous scams that sweep across the World of Warcraft landscape. It's no secret that your WoW account is valuable to thieves -- the entire gold-selling industry is built on a foundation of hacked accounts and stolen items.

Their latest scam vehicle? Our inherent desire for sparkle ponies. Let's get two things straight off the bat:
  1. You did not just win a free Celestial Steed mount. That in-game tell is an attempt to steal your account.
  2. No one just bought you a Celestial Steed mount. That email you got is an attempt to steal your account.

If it sneaks by your spam filter, the latest scam email can be quite convincing. The message, which appears to be from sales@mail.blizzard.com, masquerades as a receipt for the purchase of the $25 Celestial Steed mount. Of course, the email is not actually from Blizzard (the "from" email is spoofed), and the links to Battle.net and Worldofwarcraft.com inside send you to a phishing website designed to steal your password or infect your computer with a keylogger.

Attempt to collect your sparkle pony, and within a few short hours, your entire account will be under someone else's control. If you haven't put an authenticator on your account, the scammers will do it for you, locking you out of your own account and severely hampering your ability to get it back.

More information on the latest scam, what you can do to protect yourself and what to do if you're a victim, all after the break.

Read more →

Filed under: News items, Account Security

Drama Mamas: Hacking a friend's account


Drama Mamas Lisa Poisso and Robin Torres are experienced gamers and real-life mamas -- and just as we don't want our precious babies to be the ones kicking and wailing on the floor of the checkout lane next to the candy, neither do we want you to become known as That Guy on your server.

It was really hard to choose from the many dramalicious emails we got this week. So much drama, so little time. I'm happy we have so many topics to choose from, but sad that so many of you have to go through so many dramafied situations. This one really did stick out as pretty dramarific, however. Dramarily! Drama-lama ding dong! Dramastified. OK, I'm drama-done. Turn the page for all the dramaness.

Read more →

Filed under: Analysis / Opinion, Drama Mamas

Security Warning: Phishing emails on the rise

Recently, Polar over at Securing WoW wrote about the latest phishing email being sent out by scammers. Account thieves are using the 2010 Arena Tournament as a way to lure you to their site to steal your login info. (Registration for the tournament continues until June 7.) This is typical behavior by these crooks. Every time a Blizzard event is announced or even rumored, from the Cataclysm alpha to the StarCraft II beta, scammers take advantage of it with legitimate-looking emails. With the Cataclysm beta almost upon us, the expansion-related phishing is going to get even worse.

But there are also the tried and true emails that are being sent out daily, regardless of upcoming events. They spoof their email so that it looks like it is coming from Blizzard and fill the email with legitimate links, making their info-stealing site link look real. Also, the links have misspellings which are hard to catch at a quick glance (like "starcratf2" or "worldotwarcraft") and lead to sites that look very much like the official ones.

Blizzard has an excellent resource for protecting yourself from phishing attacks. In general, if you get an email that looks legitimate, type battle.net in your browser's address bar (spell it correctly). This will take you to the correct site for your region and there you can see the status of your account yourself. Some examples of phishing emails are after the break.

Read more →

Filed under: Account Security
