Originally posted by Pappy13 I have never said that it must be a Blizzard security issue and in fact I argued with you on this point earlier. All I'm saying is that it might not be a user created problem as you are assuming. There are other possibilities.
Ok, we both agree that anything is possible I don't think I was accusing you of making that statement. If that is how it sounded, sorry.
Apology accepted.
In essence there are 2 ways to get account information.
1) From the account database stored at the company
2) From the user
There really isn't some other place to get it.
Yes there is, potentially anyway.
Let's say that hackers figured out a way to "intercept" your user-id and password combination thru the internet when you log into the game. It's encrypted, but encryption can be broken. I'm not talking about breaking into Blizzard's database and I'm not talking about installing any kind of software on a user's PC. I'm talking about some kind of packet sniffer or something to actually steal the information as it makes its way through the internet. The internet is nothing but a bunch of servers passing the information from 1 place to another. In theory that information could be intercepted and decoded. The encryption is really strong, but people are coming up with ways to break different forms of encryption all the time.
If that were to happen, is that Blizzard's problem? Not really. I don't believe they actually "own" the encryption technique they employ, I could be wrong about that, but I think they use the standard one.
Is that the users problem? Not really. They don't know that it's not a secure connection to Blizzard's servers.
So who is at fault in that scenario? We all assume that it's a secure connection when we are logging into WoW, but is it? How secure is it? And if it's not is it Blizzard's fault or do they just use the common encryption method that all businesses use for private information? And it doesn't necessarily have to be when the user logs into the game. We all have to put in our account information when we want to change something on our account. Perhaps it happens then and not when we are logging into the game. I don't know the particulars of how that security differs from when logging into the game or if it does at all.
Is that far fetched? Yes. Do I think that is what has happened? No. I don't know what has happened. Maybe there's something going on that I don't have any clue about, I'm not a hacker afterall. I just think it's unwise to underestimate the hackers.
Look at it this way. The hackers can compromise 10,000 individuals thru the various forms that we know about today to get access to 10,000 accounts. Or they could compromise 1 database that holds 10,000 accounts of information and get access to 10,000 accounts. Sure it's easier to compromise 1 individual than it is compromise that database, but is it necessarily a lot easier to compromise 10,000 individuals than it is to compromise that 1 database? It probably still is, but....maybe not quite as much easier as we all imagine it to be.
Just like the Titanic, nothing is fool proof.
The packet sniffer you are talking about has to be installed on the client or the server machine. Otherwise you wouldn't know which packet to "sniff" because your PC would be bombarded with irrelevant packets. This is how it works and how those game emulators "figure" out how servers work. You load up original game, you perform an action (login, create character, blah blah) and at that moment you record the packets that are being sent by that specific program, then you try to figure out where in that packet is identity info and where the data is (it is encrypted in most cases, or at least it should be).
So yeah, you can intercept "packets" floating around without having installed anything on the source/target computer, but it would be like listening on a radio to multiple frequencies simultaneously, trying to decipher something, but not know which frequency that something is being broadcast.
The packet sniffer you are talking about has to be installed on the client or the server machine. Otherwise you wouldn't know which packet to "sniff" because your PC would be bombarded with irrelevant packets. This is how it works and how those game emulators "figure" out how servers work. You load up original game, you perform an action (login, create character, blah blah) and at that moment you record the packets that are being sent by that specific program, then you try to figure out where in that packet is identity info and where the data is (it is encrypted in most cases, or at least it should be). So yeah, you can intercept "packets" floating around without having installed anything on the source/target computer, but it would be like listening on a radio to multiple frequencies simultaneously, trying to decipher something, but not know which frequency that something is being broadcast.
Well I'm no expert on how the internet works, but I do know a little bit about how telephone switches work and I don't think it's all that much different. You see I worked for Sprint, MCI and Verizon and their phone network isn't all that much different from the internet. It's just bunch of switches that route calls from 1 place to another. How does a switch know where to route a call? Well it's all built into tables in the switch and the terminating location of the call. When you pick up a phone and dial the number you want to reach, that information is passed from 1 switch to the next. Each individual switch doesn't know where the call is gonna end up, it just knows which switch to pass the information onto so it will eventually reach it's destination. When the switch is reached where the call should terminate, it completes the connection. The internet is a bit like that, all the switches are just passing along the information to the next switch until it reaches it's destination, but the destination must be known or else the switches wouldn't know where to pass the information to.
So a sniffer doesn't listen to all the packets, it's just looking for certain packets that have the destination they are looking for and intercepts those packets. So in effect you do know the frequency if you know what to look for, at least I believe that's how it works, again I'm no expert. The real problem is the encryption on the data. That's not easily broken and if you did break it, I imagine there'd be a whole lot more interesting packets to sniff then the ones going to Blizzard, but my point is that it's possible at least theoretically if not practically.
The packet sniffer you are talking about has to be installed on the client or the server machine. Otherwise you wouldn't know which packet to "sniff" because your PC would be bombarded with irrelevant packets. This is how it works and how those game emulators "figure" out how servers work. You load up original game, you perform an action (login, create character, blah blah) and at that moment you record the packets that are being sent by that specific program, then you try to figure out where in that packet is identity info and where the data is (it is encrypted in most cases, or at least it should be). So yeah, you can intercept "packets" floating around without having installed anything on the source/target computer, but it would be like listening on a radio to multiple frequencies simultaneously, trying to decipher something, but not know which frequency that something is being broadcast.
Well I'm no expert on how the internet works, but I do know a little bit about how telephone switches work and I don't think it's all that much different. You see I worked for Sprint, MCI and Verizon and their phone network isn't all that much different from the internet. It's just bunch of switches that route calls from 1 place to another. How does a switch know where to route a call? Well it's all built into tables in the switch and the terminating location of the call. When you pick up a phone and dial the number you want to reach, that information is passed from 1 switch to the next. Each individual switch doesn't know where the call is gonna end up, it just knows which switch to pass the information onto so it will eventually reach it's destination. When the switch is reached where the call should terminate, it completes the connection. The internet is a bit like that, all the switches are just passing along the information to the next switch until it reaches it's destination, but the destination must be known or else the switches wouldn't know where to pass the information to.
So a sniffer doesn't listen to all the packets, it's just looking for certain packets that have the destination they are looking for and intercepts those packets. So in effect you do know the frequency if you know what to look for, at least I believe that's how it works, again I'm no expert. The real problem is the encryption on the data. That's not easily broken and if you did break it, I imagine there'd be a whole lot more interesting packets to sniff then the ones going to Blizzard, but my point is that it's possible at least theoretically if not practically.
That's just my opinion, I could be wrong.
in order for this to work, you would have to install the packet sniffer on the switches themselves - that is the mega-servers that are hosting INET themselves. Which is very very improbable. Your own PC on its own receives rogue packets, but your PC is not a switch, it does not host INTERNET.
So, you either have to have the packet-sniffing software installed on those mega-computers or the destination computer. Otherwise you will never get anything.
my current account has been secured with an authenticator+brand new software.
my prior account was hacked multiple times. the first time blizzard restored it no problem. the second time, wasn't so much a hack but clear evidence that my account was being watched.
I had logged in after recovering my account from the first theft and of course followed all the blizz recommended safety precautions except the authenticator. i started completely over on a new server, no one not even my rl friends who play knew I had did this. about an hour into playing a get a tell from a player, that was one word....my real name.
I responded back asking if they thought i was a friend by the same name, if not how did they know me and I got no response. I opened up a gm ticket and that account was banned, or at least kicked off line cause as soon as there name went offline i got a ticket response (basically a how did we do survey).
the next day i got the new (at the time) battle.net account.
a day or so passed i tried to log on and it wouldn't work and i though man not again. for some reason i though maybe ill try my old password (I DID NOT RESET IT AFTER I CHANGED IT). the old password worked and I was able to log on. I had gotten guilded by this point so i immediately let the guild know that I thought I could be compromised. I logged and changed my password.
the next day my account was stolen again.
i tried calling blizz after an hour of run around they said they restored it.
never happened.
i eventually gave up and as previously mentioned bought new software and got an authenticator app.
my point is, sure maybe the first time was my fault, hell maybe the second incident was. but just with strange incidents involved with my situation, I have came to believe that YES maybe some of the "crazies" are right maybe at least a good portion of this is an inside job by a blizzard employee or more likely a small group of employees.
my current account has been secured with an authenticator+brand new software. my prior account was hacked multiple times. the first time blizzard restored it no problem. the second time, wasn't so much a hack but clear evidence that my account was being watched. I had logged in after recovering my account from the first theft and of course followed all the blizz recommended safety precautions except the authenticator. i started completely over on a new server, no one not even my rl friends who play knew I had did this. about an hour into playing a get a tell from a player, that was one word....my real name. I responded back asking if they thought i was a friend by the same name, if not how did they know me and I got no response. I opened up a gm ticket and that account was banned, or at least kicked off line cause as soon as there name went offline i got a ticket response (basically a how did we do survey). the next day i got the new (at the time) battle.net account. a day or so passed i tried to log on and it wouldn't work and i though man not again. for some reason i though maybe ill try my old password (I DID NOT RESET IT AFTER I CHANGED IT). the old password worked and I was able to log on. I had gotten guilded by this point so i immediately let the guild know that I thought I could be compromised. I logged and changed my password.
the next day my account was stolen again. i tried calling blizz after an hour of run around they said they restored it.
never happened.
i eventually gave up and as previously mentioned bought new software and got an authenticator app.
my point is, sure maybe the first time was my fault, hell maybe the second incident was. but just with strange incidents involved with my situation, I have came to believe that YES maybe some of the "crazies" are right maybe at least a good portion of this is an inside job by a blizzard employee or more likely a small group of employees.
I dunno.
If someone has access to your email account they can do everything you just described and that is just one example of what can happen.
While anything is technically possible, if you are getting hacked multiple times and have not found the source, that also means you did not fixed it.
Getting hacked frequently and not understanding how doesn't mean it is the fault of someone else.
OP, don't think that because your account was banned on a Tuesday that is was hacked on the Monday. These hackers could of had your information for months, going back to when you did play and only just got around to using the account.
To often fake WoW sites pretending to be battle.net, wowarmory etc get to the top of the google search results and its so easy to to just click and hey presto you get a key logger on your system and the site seamlessly re-directs you to the true site so you are none the wiser.
A virus/spyware scanner wont always save you.
Hackers will store partial information about people for years, email address, bank account numbers, and sell this info onto other groups and eventualy they get all the info they need to hack your wow account, bank account, gmail etc. Its no effort for them to store email addresses againt IP address and/or MAC address on a spread sheet just waiting to fill in the blanks.
Yes the move to battle.net did increase the hacking as you now use an email address as your login, but they still need to keylog your PC to get this information, they could of keylogged your wow password months ago and then we moved to battle net so you were typing your email address more frequently eventually (if your keylogged) it will happen.
Not saying it's your fault but dont assume your were not hacked.
my current account has been secured with an authenticator+brand new software. my prior account was hacked multiple times. the first time blizzard restored it no problem. the second time, wasn't so much a hack but clear evidence that my account was being watched. I had logged in after recovering my account from the first theft and of course followed all the blizz recommended safety precautions except the authenticator. i started completely over on a new server, no one not even my rl friends who play knew I had did this. about an hour into playing a get a tell from a player, that was one word....my real name. I responded back asking if they thought i was a friend by the same name, if not how did they know me and I got no response. I opened up a gm ticket and that account was banned, or at least kicked off line cause as soon as there name went offline i got a ticket response (basically a how did we do survey). the next day i got the new (at the time) battle.net account. a day or so passed i tried to log on and it wouldn't work and i though man not again. for some reason i though maybe ill try my old password (I DID NOT RESET IT AFTER I CHANGED IT). the old password worked and I was able to log on. I had gotten guilded by this point so i immediately let the guild know that I thought I could be compromised. I logged and changed my password.
the next day my account was stolen again. i tried calling blizz after an hour of run around they said they restored it.
never happened.
i eventually gave up and as previously mentioned bought new software and got an authenticator app.
my point is, sure maybe the first time was my fault, hell maybe the second incident was. but just with strange incidents involved with my situation, I have came to believe that YES maybe some of the "crazies" are right maybe at least a good portion of this is an inside job by a blizzard employee or more likely a small group of employees.
I dunno.
If someone has access to your email account they can do everything you just described and that is just one example of what can happen.
While anything is technically possible, if you are getting hacked multiple times and have not found the source, that also means you did not fixed it.
Getting hacked frequently and not understanding how doesn't mean it is the fault of someone else.
Either e-mail got hacked, or as expresso said you were keylogged or you fell for the dupe that is getting more common these days: you get a tell from someone pretending to be a GM saying that my account was suspended and asking me to login at a site that has "blizzard" in it or "battlenet" but is not "battle.net" or "worldofwarcraft.com". Some people will fall for this thinking they are logging into a legitimate website (visually they look like official blizzard site), but in fact they just gave someone their user name and password.
There are so many ways to get scammed that "getting hacked" (as in someone just stole that info from your computer or from blizzard without any action from you) is highly highly improbable. I'm guessing most "hacked" accounts (my estimate 50% of cases) are coming from people who used power leveling services, used bots or purchased gold. those people ill never admit that (not saying you did that) so all we hear is "I got hacked X times, Blizzard sux". The second (my estimate is 45% cases) highest probability is that you fell for the "Your account has been suspended, please login at fishysite.net to clear suspension" scam. This leaves us with 5%, of which 4.9% are poor passwords and finally 0.1% are those who really got hacked, as in someone used a windows vulnerability for example to infect computer with a Trojan, turning it into a bot, discovering that that computer was used to play WoW and its login info was therefore stolen. Just my opinion on this matter.
I recently came back to WoW, like 2 weeks ago or so. I had to upgrade to battlenet account as I discovered to renew my subscription. Just today I got both my gmail and battlenet account compromised, which is partially my fault (take a guess on that one...). I just changed the passwords on both accounts and seems I'm fine now. My 2 inactive 80s got cleared of gold (which couldn't be more then 1k total if I remember correctly), got stripped from gear, and what boggles my mind - all bags removed, both from characters' inventories and banks. I think someone did some mining on one of those, but can't be sure really. Anyway, I didn't even had to contact blizz about anything, just got the password changed and voilla. I don't care about any gear or gold, so I'm not that bothered. My current main remained untouched, probably because of it being in it's low levels.
I got a question though to you guys - can you recommend any free email service with pop3 or forwarding that's a bit more low profile then gmail, yahoo, hotmail and such?
I recently came back to WoW, like 2 weeks ago or so. I had to upgrade to battlenet account as I discovered to renew my subscription. Just today I got both my gmail and battlenet account compromised, which is partially my fault (take a guess on that one...). I just changed the passwords on both accounts and seems I'm fine now. My 2 inactive 80s got cleared of gold (which couldn't be more then 1k total if I remember correctly), got stripped from gear, and what boggles my mind - all bags removed, both from characters' inventories and banks. I think someone did some mining on one of those, but can't be sure really. Anyway, I didn't even had to contact blizz about anything, just got the password changed and voilla. I don't care about any gear or gold, so I'm not that bothered. My current main remained untouched, probably because of it being in it's low levels. I got a question though to you guys - can you recommend any free email service with pop3 or forwarding that's a bit more low profile then gmail, yahoo, hotmail and such?
I don't know any good low profile emails, but you shouldn't abandon gmail or yahoo just because your account was hacked. What I would recommend is to simply create a new email with hard to predict name something like "ar9_po56", something not in a dictionary, something visually random. Once you have that, protect it with a strong password, at least 8 chars long, with lowercase and uppercase letters, with few numbers and maybe underscore in it. Again, the password should not be a dictionary word, not a name, not something meaningful to a random person. This way you are secured against brute force attacks.
After that you will have to be careful to NEVER click on emails from Blizzard that have spelling errors in it, that have different URLS or when you are asked to login in an unusual place. Never buy gold/powerleveling services, never give out your personal info (especially your DOB!!!), never give away your username and email in a public place. Use recyclable emails for one-time-registrations.
lol one of fake emails i keep getting even more funny as i change my email last year to one i dont use any where else
Worldofwarcraft Account Seaech
From: noreply@blizzard.com (noreply@blizzard.com)
Sent: 23 March 2010 21:00:49
To
Greetings,
An investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded. As you may not be aware of, this conflicts with Blizzard's EULA under section 4 Paragraph B which can be found here:
WoW -> Legal -> End User License Agreement
and Section 8 of the Terms of Use found here:
WoW -> Legal -> Terms of Use
The investigation will be continued by Blizzard administration to determine the action to be taken against your account. If your account is found violating the EULA and Terms of Use, your account can, and will be suspended/closed/or terminated.
In order to keep this from occurring, you should immediately verify that you are the original owner of the account.
To verify your identity please visit the following webpage:
Only Account Administration will be able to assist with account retrieval issues. Thank you for your time and attention to this matter, and your continued interest in World of Warcraft.
Comments
Yes your situation sucks and you don't know how it happened.
That is about all you have presented so far. For you to give account security advice based off of that is just a bit far fetched.
Ok, we both agree that anything is possible I don't think I was accusing you of making that statement. If that is how it sounded, sorry.
Apology accepted.
In essence there are 2 ways to get account information.
1) From the account database stored at the company
2) From the user
There really isn't some other place to get it.
Yes there is, potentially anyway.
Let's say that hackers figured out a way to "intercept" your user-id and password combination thru the internet when you log into the game. It's encrypted, but encryption can be broken. I'm not talking about breaking into Blizzard's database and I'm not talking about installing any kind of software on a user's PC. I'm talking about some kind of packet sniffer or something to actually steal the information as it makes its way through the internet. The internet is nothing but a bunch of servers passing the information from 1 place to another. In theory that information could be intercepted and decoded. The encryption is really strong, but people are coming up with ways to break different forms of encryption all the time.
If that were to happen, is that Blizzard's problem? Not really. I don't believe they actually "own" the encryption technique they employ, I could be wrong about that, but I think they use the standard one.
Is that the users problem? Not really. They don't know that it's not a secure connection to Blizzard's servers.
So who is at fault in that scenario? We all assume that it's a secure connection when we are logging into WoW, but is it? How secure is it? And if it's not is it Blizzard's fault or do they just use the common encryption method that all businesses use for private information? And it doesn't necessarily have to be when the user logs into the game. We all have to put in our account information when we want to change something on our account. Perhaps it happens then and not when we are logging into the game. I don't know the particulars of how that security differs from when logging into the game or if it does at all.
Is that far fetched? Yes. Do I think that is what has happened? No. I don't know what has happened. Maybe there's something going on that I don't have any clue about, I'm not a hacker afterall. I just think it's unwise to underestimate the hackers.
Look at it this way. The hackers can compromise 10,000 individuals thru the various forms that we know about today to get access to 10,000 accounts. Or they could compromise 1 database that holds 10,000 accounts of information and get access to 10,000 accounts. Sure it's easier to compromise 1 individual than it is compromise that database, but is it necessarily a lot easier to compromise 10,000 individuals than it is to compromise that 1 database? It probably still is, but....maybe not quite as much easier as we all imagine it to be.
Just like the Titanic, nothing is fool proof.
The packet sniffer you are talking about has to be installed on the client or the server machine. Otherwise you wouldn't know which packet to "sniff" because your PC would be bombarded with irrelevant packets. This is how it works and how those game emulators "figure" out how servers work. You load up original game, you perform an action (login, create character, blah blah) and at that moment you record the packets that are being sent by that specific program, then you try to figure out where in that packet is identity info and where the data is (it is encrypted in most cases, or at least it should be).
So yeah, you can intercept "packets" floating around without having installed anything on the source/target computer, but it would be like listening on a radio to multiple frequencies simultaneously, trying to decipher something, but not know which frequency that something is being broadcast.
I am the type of player where I like to do everything and anything from time to time.
http://en.wikipedia.org/wiki/Holodomor - pre-WW2 genocide.
Well I'm no expert on how the internet works, but I do know a little bit about how telephone switches work and I don't think it's all that much different. You see I worked for Sprint, MCI and Verizon and their phone network isn't all that much different from the internet. It's just bunch of switches that route calls from 1 place to another. How does a switch know where to route a call? Well it's all built into tables in the switch and the terminating location of the call. When you pick up a phone and dial the number you want to reach, that information is passed from 1 switch to the next. Each individual switch doesn't know where the call is gonna end up, it just knows which switch to pass the information onto so it will eventually reach it's destination. When the switch is reached where the call should terminate, it completes the connection. The internet is a bit like that, all the switches are just passing along the information to the next switch until it reaches it's destination, but the destination must be known or else the switches wouldn't know where to pass the information to.
So a sniffer doesn't listen to all the packets, it's just looking for certain packets that have the destination they are looking for and intercepts those packets. So in effect you do know the frequency if you know what to look for, at least I believe that's how it works, again I'm no expert. The real problem is the encryption on the data. That's not easily broken and if you did break it, I imagine there'd be a whole lot more interesting packets to sniff then the ones going to Blizzard, but my point is that it's possible at least theoretically if not practically.
That's just my opinion, I could be wrong.
Well I'm no expert on how the internet works, but I do know a little bit about how telephone switches work and I don't think it's all that much different. You see I worked for Sprint, MCI and Verizon and their phone network isn't all that much different from the internet. It's just bunch of switches that route calls from 1 place to another. How does a switch know where to route a call? Well it's all built into tables in the switch and the terminating location of the call. When you pick up a phone and dial the number you want to reach, that information is passed from 1 switch to the next. Each individual switch doesn't know where the call is gonna end up, it just knows which switch to pass the information onto so it will eventually reach it's destination. When the switch is reached where the call should terminate, it completes the connection. The internet is a bit like that, all the switches are just passing along the information to the next switch until it reaches it's destination, but the destination must be known or else the switches wouldn't know where to pass the information to.
So a sniffer doesn't listen to all the packets, it's just looking for certain packets that have the destination they are looking for and intercepts those packets. So in effect you do know the frequency if you know what to look for, at least I believe that's how it works, again I'm no expert. The real problem is the encryption on the data. That's not easily broken and if you did break it, I imagine there'd be a whole lot more interesting packets to sniff then the ones going to Blizzard, but my point is that it's possible at least theoretically if not practically.
That's just my opinion, I could be wrong.
in order for this to work, you would have to install the packet sniffer on the switches themselves - that is the mega-servers that are hosting INET themselves. Which is very very improbable. Your own PC on its own receives rogue packets, but your PC is not a switch, it does not host INTERNET.
So, you either have to have the packet-sniffing software installed on those mega-computers or the destination computer. Otherwise you will never get anything.
I am the type of player where I like to do everything and anything from time to time.
http://en.wikipedia.org/wiki/Holodomor - pre-WW2 genocide.
my current account has been secured with an authenticator+brand new software.
my prior account was hacked multiple times. the first time blizzard restored it no problem. the second time, wasn't so much a hack but clear evidence that my account was being watched.
I had logged in after recovering my account from the first theft and of course followed all the blizz recommended safety precautions except the authenticator. i started completely over on a new server, no one not even my rl friends who play knew I had did this. about an hour into playing a get a tell from a player, that was one word....my real name.
I responded back asking if they thought i was a friend by the same name, if not how did they know me and I got no response. I opened up a gm ticket and that account was banned, or at least kicked off line cause as soon as there name went offline i got a ticket response (basically a how did we do survey).
the next day i got the new (at the time) battle.net account.
a day or so passed i tried to log on and it wouldn't work and i though man not again. for some reason i though maybe ill try my old password (I DID NOT RESET IT AFTER I CHANGED IT). the old password worked and I was able to log on. I had gotten guilded by this point so i immediately let the guild know that I thought I could be compromised. I logged and changed my password.
the next day my account was stolen again.
i tried calling blizz after an hour of run around they said they restored it.
never happened.
i eventually gave up and as previously mentioned bought new software and got an authenticator app.
my point is, sure maybe the first time was my fault, hell maybe the second incident was. but just with strange incidents involved with my situation, I have came to believe that YES maybe some of the "crazies" are right maybe at least a good portion of this is an inside job by a blizzard employee or more likely a small group of employees.
I dunno.
If someone has access to your email account they can do everything you just described and that is just one example of what can happen.
While anything is technically possible, if you are getting hacked multiple times and have not found the source, that also means you did not fixed it.
Getting hacked frequently and not understanding how doesn't mean it is the fault of someone else.
In this thread alone ... I counted 71 (!) posts from "deleted" posters.
They all had one thing in common: accuse Blizzard for compromised accounts.
Some people really have no life at all since WOW became this popular...
Want a real mmorpg? Play WOW with experience turned off mode and be Pve_Pvp King at any level without a rat race.
OP, don't think that because your account was banned on a Tuesday that is was hacked on the Monday. These hackers could of had your information for months, going back to when you did play and only just got around to using the account.
To often fake WoW sites pretending to be battle.net, wowarmory etc get to the top of the google search results and its so easy to to just click and hey presto you get a key logger on your system and the site seamlessly re-directs you to the true site so you are none the wiser.
A virus/spyware scanner wont always save you.
Hackers will store partial information about people for years, email address, bank account numbers, and sell this info onto other groups and eventualy they get all the info they need to hack your wow account, bank account, gmail etc. Its no effort for them to store email addresses againt IP address and/or MAC address on a spread sheet just waiting to fill in the blanks.
Yes the move to battle.net did increase the hacking as you now use an email address as your login, but they still need to keylog your PC to get this information, they could of keylogged your wow password months ago and then we moved to battle net so you were typing your email address more frequently eventually (if your keylogged) it will happen.
Not saying it's your fault but dont assume your were not hacked.
If someone has access to your email account they can do everything you just described and that is just one example of what can happen.
While anything is technically possible, if you are getting hacked multiple times and have not found the source, that also means you did not fixed it.
Getting hacked frequently and not understanding how doesn't mean it is the fault of someone else.
Either e-mail got hacked, or as expresso said you were keylogged or you fell for the dupe that is getting more common these days: you get a tell from someone pretending to be a GM saying that my account was suspended and asking me to login at a site that has "blizzard" in it or "battlenet" but is not "battle.net" or "worldofwarcraft.com". Some people will fall for this thinking they are logging into a legitimate website (visually they look like official blizzard site), but in fact they just gave someone their user name and password.
There are so many ways to get scammed that "getting hacked" (as in someone just stole that info from your computer or from blizzard without any action from you) is highly highly improbable. I'm guessing most "hacked" accounts (my estimate 50% of cases) are coming from people who used power leveling services, used bots or purchased gold. those people ill never admit that (not saying you did that) so all we hear is "I got hacked X times, Blizzard sux". The second (my estimate is 45% cases) highest probability is that you fell for the "Your account has been suspended, please login at fishysite.net to clear suspension" scam. This leaves us with 5%, of which 4.9% are poor passwords and finally 0.1% are those who really got hacked, as in someone used a windows vulnerability for example to infect computer with a Trojan, turning it into a bot, discovering that that computer was used to play WoW and its login info was therefore stolen. Just my opinion on this matter.
I am the type of player where I like to do everything and anything from time to time.
http://en.wikipedia.org/wiki/Holodomor - pre-WW2 genocide.
I recently came back to WoW, like 2 weeks ago or so. I had to upgrade to battlenet account as I discovered to renew my subscription. Just today I got both my gmail and battlenet account compromised, which is partially my fault (take a guess on that one...). I just changed the passwords on both accounts and seems I'm fine now. My 2 inactive 80s got cleared of gold (which couldn't be more then 1k total if I remember correctly), got stripped from gear, and what boggles my mind - all bags removed, both from characters' inventories and banks. I think someone did some mining on one of those, but can't be sure really. Anyway, I didn't even had to contact blizz about anything, just got the password changed and voilla. I don't care about any gear or gold, so I'm not that bothered. My current main remained untouched, probably because of it being in it's low levels.
I got a question though to you guys - can you recommend any free email service with pop3 or forwarding that's a bit more low profile then gmail, yahoo, hotmail and such?
I don't know any good low profile emails, but you shouldn't abandon gmail or yahoo just because your account was hacked. What I would recommend is to simply create a new email with hard to predict name something like "ar9_po56", something not in a dictionary, something visually random. Once you have that, protect it with a strong password, at least 8 chars long, with lowercase and uppercase letters, with few numbers and maybe underscore in it. Again, the password should not be a dictionary word, not a name, not something meaningful to a random person. This way you are secured against brute force attacks.
After that you will have to be careful to NEVER click on emails from Blizzard that have spelling errors in it, that have different URLS or when you are asked to login in an unusual place. Never buy gold/powerleveling services, never give out your personal info (especially your DOB!!!), never give away your username and email in a public place. Use recyclable emails for one-time-registrations.
Thats all that I can think of right now.
I am the type of player where I like to do everything and anything from time to time.
http://en.wikipedia.org/wiki/Holodomor - pre-WW2 genocide.
lol one of fake emails i keep getting even more funny as i change my email last year to one i dont use any where else
Worldofwarcraft Account Seaech
From: noreply@blizzard.com (noreply@blizzard.com)
Sent: 23 March 2010 21:00:49
To
Greetings,
An investigation of your World of Warcraft account has found strong evidence that the account in question is being sold or traded. As you may not be aware of, this conflicts with Blizzard's EULA under section 4 Paragraph B which can be found here:
WoW -> Legal -> End User License Agreement
and Section 8 of the Terms of Use found here:
WoW -> Legal -> Terms of Use
The investigation will be continued by Blizzard administration to determine the action to be taken against your account. If your account is found violating the EULA and Terms of Use, your account can, and will be suspended/closed/or terminated.
In order to keep this from occurring, you should immediately verify that you are the original owner of the account.
To verify your identity please visit the following webpage:
Only Account Administration will be able to assist with account retrieval issues. Thank you for your time and attention to this matter, and your continued interest in World of Warcraft.
Sincerely,
Account Administration
Blizzard Entertainment