Skip to Content

WoW Insider has the latest on the Mists of Pandaria!

Posts with tag hack

The Heartbleed bug and its effect (or lack thereof) on Battle.net

The Heartbleed bug, as it's been dubbed, is certainly hot news lately, with various sites being impacted and password reset advice abounding. But Blizzard has some good news: Battle.net was unaffected. However, the advice is to change your password if you used the same one elsewhere.

This is especially true if you're using the same email and password combination as you use for your Battle.net account on other sites. A big way that players get hacked, especially those without authenticators, is that their guild forums get hacked, or their email gets hacked, or their Facebook. Once those username and password combinations are known, it's possible for hackers to try them in various different places, one of which might be your Battle.net account. So be careful, mix up your passwords, and in light of these recent security issues, consider changing your passwords.

It's also a good idea, again as a general rule, to get into the habit of changing your passwords fairly regularly, for everything. So now might be a great time to start, even though Battle.net is unaffected by the recent issues. Hit the break for Blizzard's full post.

Read more →

Filed under: News items, Account Security

Blizzard confirms WoW account hacks, issues warning on security

Image
WoW Insider reported on this over the weekend, and Blizzard has now confirmed that there has been a security issue with the Mobile Auction House.

Blizzard Entertainment
There's been a recent increase in unauthorized World of Warcraft account-logins via our website and the World of Warcraft mobile armory app.

We're in the process of notifying any account holders who were not using an authenticator and whose account showed signs of unauthorized access (e.g., logging in from an unusual IP address). If you are among this group, you will receive an email describing how to reset your account.

As a result of these activities, access to the World of Warcraft auction house via the mobile app has been taken off-line temporarily. Upon request, our customer support team will restore in-game items and gold for any accounts impacted.

While no means of account security is guaranteed, every precaution you take to secure your computer and your account-including changing your password periodically-adds another defensive barrier. We strongly encourage everyone to take a few moments to read through the security tips available on our support website and follow the suggestions posted there.

As we mentioned in the original article, a GM had recommended the addition of SMS Protect to further secure accounts, and using unique passwords for your battle.net account. Also, running virus scans, keylogger scans, and malware scans is an excellent practice.

Filed under: Account Security

Exploit Hotfixed: Azeroth's cities safe once more

Exploit Hotfixed Azeroth's cities safe once more
Nethaera hopped on the forums today to let us know that the massive city deaths were indeed a result of an exploit taken by nefarious individuals. The exploit has been hotfixed already, and it should no longer be a problem.

Blizzard doesn't mess around with stuff like this... if people are found exploiting the game and causing problems, they'll not only find themselves banned but also in some other troubles.

Nethaera
Earlier today, certain realms were affected by an in-game exploit, resulting in the deaths of player characters and non-player characters in some of the major cities. This exploit has already been hotfixed, so it should not be repeatable. It's safe to continue playing and adventuring in major cities and elsewhere in Azeroth.

As with any exploit, we are taking this disruptive action very seriously and conducting a thorough investigation. If you have information relating to this incident, please email hacks@blizzard.com. We apologize for the inconvenience some of you experienced as a result of this and appreciate your understanding.



Mists of Pandaria is here! The level cap has been raised to 90, many players have returned to Azeroth, and pet battles are taking the world by storm. Keep an eye out for all of the latest news, and check out our comprehensive guide to Mists of Pandaria for everything you'll ever need to know.

Filed under: News items

Entire cities dead on some World of Warcraft realms

Entire cities dead on certain realms
This afternoon, Paris time, something very strange happened on various realms. Argent Dawn's forums have a long thread about it, but to cut a long story short, everyone in Stormwind and Orgrimmar was killed, NPCs included. It's also been happening on Tarren Mill, Ragnaros, Draenor, Twisting Nether, and no doubt other servers.

Of course, rumors abound as to just exactly what happened. Most people point towards it being a hack, and there's some videos out there floating around that give credence to this theory. Has it happened on your realm? What on earth is going on? And what do you think is causing it?

Update: Blizzard has posted on the forums, informing us that this exploit has now been hotfixed.

More screenshots as they come in after the break.

Read more →

Filed under: Mists of Pandaria

New scam tries to give you a free Celestial Steed

One of the sadder parts of this job is reporting on the numerous scams that sweep across the World of Warcraft landscape. It's no secret that your WoW account is valuable to thieves -- the entire gold-selling industry is built on a foundation of hacked accounts and stolen items.

Their latest scam vehicle? Our inherent desire for sparkle ponies. Let's get two things straight off the bat:
  1. You did not just win a free Celestial Steed mount. That in-game tell is an attempt to steal your account.
  2. No one just bought you a Celestial Steed mount. That email you got is an attempt to steal your account
If it sneaks by your spam filter, the latest scam email can be quite convincing. The message, which appears to be from sales@mail.blizzard.com, masquerades as a receipt for the purchase of the $25 Celestial Steed mount. Of course, the email is not actually from Blizzard (the "from" email is spoofed), and the links to Battle.net and Worldofwarcraft.com inside send you to a phishing website designed to steal your password or infect your computer with a keylogger.

Attempt to collect your sparkle pony, and within a few short hours, your entire account will be under someone else's control. If you haven't put an authenticator on your account, the scammers will do it for you, locking you out of your own account and severely hampering your ability to get it back.

More information on the latest scam, what you can do to protect yourself and what to do if you're a victim, all after the break.

Read more →

Filed under: News items, Account Security

New issues with Adobe Flash, Google search links could compromise your account

We have news of two new tricks hackers are currently using to steal WoW accounts. First, from Curse, comes news of a Google sponsored link that claims to lead to the popular addon manager Curse Client, but instead leads to a malware download. To be absolutely safe, you should always only download the client from http://www.curse.com/client.

In addition, Blizzard is warning that Adobe Flash version 10.0.45.2 contains a critical vulnerability that could be used to install a keylogger on your computer in order to steal your WoW account info. You can avoid this issue by installing Adobe Flash version 10.1 Release Candidate 7, which does not appear to have the same vulnerabilities.

Filed under: Bugs, News items

New scam targets the WoW Launcher

A post in the official forums today, later confirmed by a blue, points to hackers attempting to take advantage of a new avenue to attack the user -- the World of Warcraft Launcher.

As you can see from the screenshot above (large version here) the real launcher apparently is replaced with a fake launcher that sends the user to a web site that pretends to be official, asking for subscription information (including answers to secret questions and the original CD-Key) in what is meant to appear as the means to restore a supposedly suspended account. One of the telltale signs that this isn't legit, besides the very invasive information requested, is the version number in the upper left corner of the screen. We're way past patch 3.1.1 -- however not everyone might know this.

Ancilorn posts confirming that this is not genuine (reiterating that they will never ask for your password in such a manner, and also requesting that such things be sent directly to Blizzard if they happen to you). Goes to show that as security is increased, those looking to breach it become more desperate.

Filed under: News items, Account Security

Play safe because a trojan can get you banned

Remember that "non-personal system information" that Blizzard said they are searching for? Part of it is a search for keyloggers, trojans and viruses that affect WoW. If the system check finds one of those on any of the computers you are using, Blizzard will ban your account for 24 hours so that you can get it fixed.

When this happened to a guildie, I must admit I was skeptical. Blizzard scans for viruses? And then sends an email that sounds suspiciously similar to the various phishing emails out there? But my friend sent me a copy of the email and described the whole process to me and I am a believer. Blizzard has some issues it needs to resolve with how it is handling this, however.

Read more →

Filed under: Analysis / Opinion, Blizzard, Account Security

15 Minutes of Fame: Members only

15 Minutes of Fame is WoW.com's look at World of Warcraft players of all shapes and sizes -- from the renowned to the relatively anonymous, the remarkable to the player next door. Tip us off to players you'd like to hear more about.

As Blizzard re-imagines old Azeroth, sweeps tired systems out the door and injects new ways for players to connect and work together, we can't imagine why anyone would not want to take advantage of what this top-notch MMO and company have to offer. There are players, however, who choose a different path. These players game on private servers, where conditions range from near-original mirrors to god-mode gameplay with super-GM abilities.

We don't condone private server play, which is clearly against Blizzard's Terms of Service and EULA. Still, there are plenty of players who believe differently, and we were curious why they've chosen the private server route. We visited with a player who plays on a relatively tame private server featuring near-"normal" game play. What can he do that we can't? And what do we have that he doesn't?

Read more →

Filed under: Features, Interviews, 15 Minutes of Fame

The truth about Authenticators [Updated]

After getting a glimpse into the operations and motivations of a scammer, a lot of questions have arisen about the Authenticator. Can it be circumvented? Briefly and with your help, yes. Is having an Authenticator worth the hassle? Absolutely. These are just quick answers, and this is a topic worthy of more in-depth questions and long answers.

What is the Authenticator?

The Authenticator is a small device (pictured right) or an iPhone/iPod Touch app that can be tied to your account and provide an extra layer of security. The application is free, but the physical Authenticator costs $6.50 with free shipping in the U.S. They are also available in other countries.

How does it work?

The Authenticator generates a code that you must enter after entering your username and password when logging into WoW or when accessing your account management screens. This code is a one use code that is valid only for a limited time. But it is valid for longer than it lasts on the Authenticator. A new code is generated every few seconds, but an unused code is valid for longer than that (I'm not sure how long). For more details about how the Authenticator works, please read our interview with Blizzard.

Read more →

Filed under: Analysis / Opinion, Account Security

Beware of Blood Elves selling mounts


A friend of mine recently got hit by a pretty devious phishing scam targeting wealthy (in-game) players looking to make legitimate purchases. My friend, we'll call him Cobra, was in a major city when an offer in the Trade Channel caught his eye. A player, we'll call him Bubbles, was offering a Spectral Tiger Mount for 5000 gold. Since this mount is only available as a code on a rare loot card, Cobra contacted Bubbles to inquire. Purchasing codes for in-game items with in-game cash is perfectly legitimate, according to Blizzard, so Cobra did not worry about going against the TOS with this transaction.

Bubbles, a level 78 Blood Elf Mage, seemed legitimate. For one thing, he was not a throwaway low level character. Also, he didn't want to take the cash then, but just see it in a trade window to make sure Cobra was in possession of it. So Cobra gave Bubbles his email address only and waited for the email that included the code and a link to where to input the information.

Read more →

Filed under: Mounts, Account Security

WoW Rookie: Keeping your account safe and sound


New around here? WoW Rookie points WoW's newest players to the resources they need to get acclimated. Send us a note to suggest a WoW Rookie topic.

It doesn't take keyboard gymnastics to prevent your account from getting hacked. As a new player, you're bound to be concerned – and if you do any digging at all, you're also bound to uncover a tangle of acerbic, rather arcane-sounding comments (many of them on posts right here at WoW Insider) about what operating systems, browsers and browser add-ons are most secure.

You really don't have to change your entire computer system simply to keep your WoW account safe. This week, WoW Rookie rounds up a selection of WoW Insider posts that show you how (and why) to keep your WoW account from being hacked and prevent your computer from spilling its beans to the world at large.

Read more →

Filed under: Features, WoW Rookie, Account Security

WoWHorn tweets your achievements

This is an interesting little system -- unfortunately, it's probably a little too complicated for most people to use, but the functionality is intriguing. WoWHorn is an open source application that basically monitors your achievements on the Armory, and will Twitter about it when you earn a new one. To get it up and running, you'll need the application itself of course, and you'll probably also need Ruby installed if you don't have it yet (OS X has it already, I believe, and Linux may as well). I don't think you'll need to input your actual WoW password (the program should be able to look up your info with just your character name and realm), but you will have to punch in your Twitter credentials if you want it to tweet for you. Once you've got everything working (and you'll have to ignore the errors, I got quite a few), you should see a tweet pop up in your feed whenever you get new points ingame.

If you're a programmer type, you can read about the making of the app, and though, as I said, the app is probably a little too hacky for widespread use (it's not quite ready for primetime yet, and do you really want to run a separate application just to twitter about your achievements for you?), the functionality is the thing here. It would be cool for Blizzard to have the Armory interact officially with other networks on the Internet, either Twittering about your character or sending your profile out to Facebook.

Not that anything like that should distract them from future content, of course. But if they want free advertising, allowing their subscribers to more easily share and disseminate information about their characters won't hurt.

Filed under: Analysis / Opinion, How-tos, Fan stuff, Odds and ends, Blizzard, Achievements

Glider loses again, shutdown imminent

In the latest ruling in the Blizzard v. Glider case, the Honorable David G. Campbell (U.S. District Judge for the District of Arizona) ruled essentially that MDY Industries (the makers of Glider) has to present him with arguments why Glider should not be shut down during what will be a lengthy future appeals process. The arguments must be presented to the court by February 13th, 2009.

The Judge will then decide if the arguments hold merit and justify the continued operation of Glider.

If MDY Industries is not successful in their persuasion of the Judge Campbell, and MDY Industries CEO Michael Donnelly believes they will not be (according to posts made on the Glider forums), then they will have to cease and desist selling Glider. The shutdown of Glider will happen quickly after the February 13th date.

Campbell's full ruling on the matter is available in PDF format for your viewing. We'll have more on this as it develops in the next couple weeks. In the mean time, check out our previous coverage of Glider and its results

Thanks to everyone who sent this in! And while I don't know what Judge David Campbell looks like, I prefer to think of him as pictured in the article.

Filed under: Analysis / Opinion, Blizzard, News items

Common Sense: There is no beta hack

There has been a YouTube video that has been circulating around the internet lately claiming to show how to get into the Wrath of the Lich King beta via a backdoor security flaw. The video directs you to another site, which you then must enter your user name and password that you use to get into WoW. Surprise, surprise: this is nothing but another trick to steal your account.

This video has been showing up in links around the WoW community lately just about as much as a certain great music video. This initially caught my attention when it was posted here in our comments a few times.

Since the real beta signups are under way, and access to the beta is expected to begin any time, we were expecting and indeed seeing a large uptick in the number of beta scams. Be sure to protect yourself.

Filed under: Wrath of the Lich King, Account Security

Around Azeroth

Around Azeroth

Featured Galleries

It came from the Blog: Occupy Orgrimmar
Midsummer Flamefest 2013
Running of the Orphans 2013
World of Warcraft Tattoos
HearthStone Sample Cards
HearthStone Concept Art
Yaks
It came from the Blog: Lunar Lunacy 2013
Art of Blizzard Gallery Opening

 

Categories

Joystiq

Massively

Engadget