It's a mix of things really, as has been said, WoW is an easy target because of the huge number of people playing it. Carelessness surely plays a part as well.
And i doubt it is because of battle.net, could be your browser was exposed when you converted to bnet, or some other reason, but i doubt it's because some 'hacker' have access to the bnet servers/account database as some people seem to think. Me and some of my friends converted to bnet as soon as was possible and i've never been "hacked".I also never ever click any wow related links in emails. Also never ever post your bnet email address on a public forums, which ALOT of people are doing, just check how many have that little email icon under their name at the mmo-champion forums for example!
To stay safe there are a few easy things you can do, Firefox +noscript is a given, then a firewall, and some anti spyware software like Spybot S&D, and voila as long as you don't do anything stupid like running an executable to install some addon then the chances you will lose your account are very slim.
While I did not read through this whole thread as a computer security professional I will tell everyone why and how their accounts get hacked.
1. WOW is just like Microsoft windows it's the white whale of online games. There are a lot of captain Ahab’s out there looking to slay the Moby dick of online games for fun and profit.
2. There a lot of players that just don't know much about computer security. They use names or words found in a dictionary as a password. They don’t' keep their firewall and virus software up to date. They respond to phasing attempts who hasn't gotten those tells telling you to go here and update your account info lately. Oh and please don’t' follow links to unknown websites on the wow forums it's a good way to download a key logger or Trojan.
3. People that don't buy the authenticator really it's cheap and makes it much harder to hack your account not imposable but very hard.
I would be surprised if Blizzards account database has been hacked it would be behind more than a few firewalls and they would have network packet snuffers installed looking for any number of hacking attempts. One thing is for sure hacking Blizzards account database would be costly and take some time not imposable though.
What can people do to protect themselves?
1. Buy the attenuator it does make hacking the account very hard.
2. Use a passphrase as a password. Like I<32PlayWoW don’t' use this but you get the idea.
3. Stay away from websites you are unsure about. Websites can download a key logger onto your computer. Mostly they are links to videos or game info found in the wow forums.
Almost every post here claiming that only idiots are getting hacked are from people who aren't playing WoW, or haven't converted to using battle.net. Coincidence?
Blizzard has a security problem. I'm a veteran of 10+ MMORPGs and a LOT of other online things - the only time I've ever been hacked was this Spring when my months-inactive WoW account was suddenly suspended for ilicit activity. The last time I had played was a few times last Fall when there was a free 10-day promo offer for the new expansion. And guess what else? I had to convert my account to battle.net. Hmmm.
I'm a software developer, been on the Net since the '80's, am running M$'s virus scanning tools, check my system for with HijackThis and other tools all the time, bla bla bla; I'm no security wizard, but I know what I'm doing, in general. It's unlikely that I got phished or trojaned.
I know a few people in RL who play the game, and almost ALL of them have had their accounts hijacked at some point. They're all using the hardware-based thing the Blizz offers now, as they are convinced that there's someone inside of Blizzard leaking this info, and therefore the only way to truly secure your account there is to have a constantly changing password.
I'm inclined to agree with a previous poster who said that those of you blindly thinking that Blizzard can do no wrong because of the size of their operation really have your heads in the sand here. They have a problem in their operation somewhere, and they really need to get a handle on it before it gets more publicity than threads like this are providing.
There are alot of conflicting opinions from a few people who say and seem to know what they are talking about I'm kind of inclined to agree with this though. I played WoW from launch til a bit after TBC which was before this battle.net switch and I have never recieved an email about WOW period. I don't know much about computers but I know if someone is foolish enough to just trust that a company won't do something is someone asking to get dealt with. Someone already pointed out some of the numerous examples of companies gone wild so I don't feel the need to add to it.
Even without much knowledge about the net I can see the lunacy in using an email address as a sign in where people can conceivably find things out about someone, I've never done anything illegal but I have certainly gotten my fair share of unoffered information on people simply by knowing an email address.
I think a simple way to do some figuring as well is to simply look at the events taking place around the time of the increase in compromised accounts and I would think there is going to be some event pointing to how and why this is happening because around the time I had any interest in WOW this was not going on as much as it seems to be now. Oh and one other poster mentioned people playing on private WOW servers I've never done that either.
but yeah, to call this game Fantastic is like calling Twilight the Godfather of vampire movies....
That's just the easiest thing to pick on. It's seriously just bad security protocol from users. The emails they sign on with and the passwords they choose. That's why the Authenticator work, it adds that extra bit of encryption.
I kill other players because they're smarter than AI, sometimes.
A Cataclysm Beta Invitation in my Inbox? This is the third one! I hope this one isn't fake, I've already sent my information to all the others.
Wow! This site just gives me gold for money? Awesome!
Oh, boy! I can get people to power level me to 80! I'll just submit my account information.
It happens.
Oh, it happens.
^^
Hackers love to target mass amounts of people, because they know they have the best chance at success when targeting games with tons of players. Gamers are not always tech savy, and even the most careful people make mistakes sometimes. It only takes one mistake for you to get hacked. And well, when you have tons of players in WoW, you are bound to have more people who are not careful, not tech/internet savy, and many simply don't know the difference between a fake phishing email vs a real one.
People get an ingame tell from Blizzadmin saying they need to go online to respond to a survey/ticket, or to collect an ingame reward, I know there are people who fall for that kind of stuff. While it's an obvious scam attempt to many of us, to many others they just don't know the difference.
Cata beta is a big one right now, because a lot of people want to get into the beta to get a sneak peak of the upcoming expansion. I've seen lots of phishing attempts as well as ingame tells about getting a beta key.
3rd party addons are usually safe except for ones that have an ingame browser that can execute scripts. Also what's unsafe is to download some program to update your addons for you. To me that's just laziness and asking for trouble.
All in all, scammers aren't doing anything different in WoW than what they do for other things. You see phishing emails from your favorite bank all the time, asking you to login to do something. You see emails that want to give you a $50 gift certificate to a retail store, all you got to do is login to your amazon or ebay account. Scammers used to only target real life information such as bank accounts, credit card numbers, identity such as ss and driver's license #'s, etc.. But lately they've found it to be profitable to hack WoW accounts, so they're doing so now too.
I find it hard to believe Blizzard's security is worse than some F2P outfit with 30 employees. Less savvy people get hacked and WOW is loaded with people that aren't savy on the web.
You'd figure if the security was so bad, major guilds with REALLY valuable toons would be getting stolen left and right=) Not happening is it?
Originally posted by twstdstrange "Bla bla bla ... WoW players are idiots"
^^Hackers love to target mass amounts of people, because they know they have the best chance at success when targeting games with tons of players. Gamers are not always tech savy, and even the most careful people make mistakes sometimes. It only takes one mistake for you to get hacked. And well, when you have tons of players in WoW, you are bound to have more people who are not careful, not tech/internet savy, and many simply don't know the difference between a fake phishing email vs a real one.
Two more for the 'Users are stupid, it's obviously their fault' chorus. Have you read the messages in this thread at all, or are you just spewing your uninformed generalizations about hacking? The sheer numbers of accounts being hacked should be an indication that you're barking up the wrong tree.
I didn't get hacked from my end. I'm virus/trojan/3rd-party-add-on free. I don't answer phishing emails; in fact, I can't recall ever having received any. I run my browser in paranoid/secure mode.
I never respond to anything web-related ingame. In fact, it's ridiculous to even suggest this as a possible cause for these hacked accounts; nobody I know is stupid enough to fall for that junk - we've been playing these things since the late 90's, believe me, we've seen it all.
I run the generic WoW UI with no 3rd party add ons. This account was dormant for MONTHS before it suddenly got banned for illegal ingame activity, and had barely been accessed at all in the past few years.
People get an ingame tell from Blizzadmin saying they need to go online to respond to a survey/ticket, or to collect an ingame reward, I know there are people who fall for that kind of stuff. While it's an obvious scam attempt to many of us, to many others they just don't know the difference.
Nope
Cata beta is a big one right now, because a lot of people want to get into the beta to get a sneak peak of the upcoming expansion. I've seen lots of phishing attempts as well as ingame tells about getting a beta key.
Nope
3rd party addons are usually safe except for ones that have an ingame browser that can execute scripts. Also what's unsafe is to download some program to update your addons for you. To me that's just laziness and asking for trouble.
Don't use anything like that.
All in all, scammers aren't doing anything different in WoW than what they do for other things. You see phishing emails from your favorite bank all the time, asking you to login to do something. You see emails that want to give you a $50 gift certificate to a retail store, all you got to do is login to your amazon or ebay account. Scammers used to only target real life information such as bank accounts, credit card numbers, identity such as ss and driver's license #'s, etc.. But lately they've found it to be profitable to hack WoW accounts, so they're doing so now too.
Yet my my email accounts, my dozens of other online accounts at stores, online games, message boards, etc have never been hacked. If it was so easy to do, and I'm such a stupid user, why wouldn't these be targeted?
This is probably the 3rd of 4th time I've seen a thread like this pop up out here, because there's clearly an issue with account security in this particular online game. Yes, a small % of accounts can surely be hijacked through scams and such, but this is clearly not the case here - the volume of accounts being compromised is ridiculously large. I'm generally not much of a 'conspiracy theory' guy, but in this case I'm inclined to think that it's something either at Blizzard corporate itself, or some exploitable weakness in their authentication system that's causing this. Hopefully they'll get it buttoned up soon.
This is probably the 3rd of 4th time I've seen a thread like this pop up out here, because there's clearly an issue with account security in this particular online game. Yes, a small % of accounts can surely be hijacked through scams and such, but this is clearly not the case here - the volume of accounts being compromised is ridiculously large. I'm generally not much of a 'conspiracy theory' guy, but in this case I'm inclined to think that it's something either at Blizzard corporate itself, or some exploitable weakness in their authentication system that's causing this. Hopefully they'll get it buttoned up soon.
You are assuming as much as anybody else is assuming otherwise. So since we're all assuming, there's no need to get all smartass about it. Is it possible a company can have its customer login database exploited? Yes, sure it's possible. Do we know for sure this is what happened? No. Is it likely this is what happened? I doubt it, because passwords are encrypted so at the most a hacker would get the usernames/email address, they'd still need to obtain the password somehow.
But hey, anything can happen. Maybe it's made of cheese who knows. But while we're all just assuming and speculating, please don't act like you know any more than anybody else.
Honestly, if anyone thinks there's one overarching reason (save for the sheer amount of targets the game has) why all the people have been hacked, they're being a simpleton.
I find it hard to believe Blizzard's security is worse than some F2P outfit with 30 employees. Less savvy people get hacked and WOW is loaded with people that aren't savy on the web.
You'd figure if the security was so bad, major guilds with REALLY valuable toons would be getting stolen left and right=) Not happening is it?
I hate posting long posts that your average 4chan troll (Not you Josher, just in general) think is too long to read.
Let me sum it up.
Security at Blizzard is fine. People's accounts are easily traceable with all the info on the web. Inactive accounts are the big target cuz they're the least noticeable target. The scammers phish them, spam in chat. Get these abandoned accounts banned, then it's a whole mess for someone.
The gear doesn't matter so much, but it's a perk if you run across it as a scammer.
I kill other players because they're smarter than AI, sometimes.
Hacking is taking a new turn. There is much less brute force attacks now. Go attend an IT Security conference and you'll find that almost all hacking is now malware attempts. Google, along with about 30 other large companies, was hacked early this year.
These hacks are hard to crack, they use obfuscated code (basically code within code, within code.) It can be hidden in a web link, files, ims, or email. Once the code goes to work it will most likely run in the background. In the case with Google it ran a internet browser in a 1x1 pixel window. You couldn't see the browser doing all the requests. This isn' t the case for just big corporations, its for everything. Once you are hacked you could end up going to your bank's website and code will run that alters the login. The site looks legit. The certficate looks legit. However, you login and it's not your bank.
Also, spoofing is so easy to use and get large number of people that aren't internet savy. I've got one of those Cataclsym beta emails. It looks pretty legit. How many people do you think followed the link and tried to activate the beta on their account? Probably way too many. People also get scared easily. You get the spam message supposedly from Blizzard telling you that an uknown IP range has attempted to login to your account. Please login and reset your password, use the link below. OHNOES, I'm hacked. Let me reset my password. I'm sure that happens a ton of times.
Edit - For the guy above saying he is malware/virus free. Google and 30 other companies thought so too. Anti-virus programs can't deal with obfuscated code, java code running instead another instance of java, all from a pdf. There are large shops setup in Russia that sell this type of code. They will tailor it to your needs. It's becoming harder and harder to stop. Perhaps Blizzard got hacked, but maybe they didn't. Maybe you are hacked and your computer is part of some huge WoW zombie botnet network. I forgot the figures now, but the number of consumer PCs that are part of botnet is supposed to be an extremely high percentage now. These numbers have more than doubled, more like quadropled in the past 2 years.
The wave of stolen accounts currently goes through several MMOs. WoW, Aion, RoM...
Btw, in RoM you can type in your password by clicking letters/numbers on your screen. Most of the stolen accounts had the same login information for forums as for the game, it seems.
Quite simply, the reason so many on WoW get hacked is the median age of the players which has become much lower, the high profit margin for the hackers, and the vast amount of players which raises the odds in the hacker's favor...
WoW attracts many people who don't have much experience with the internet or gaming, and thus ain't used to phising or trojans or simply keeping their passwords save
many people give their passwords to friends ("I can't participate in the raid today, please play my char for me, here is the password")
many players are very young and easily fall for traps. They see a youtube video saying "go to this website and login to play cataclysm" and they do it. Or read a mail saying "login here or your account gets banned" and they do it
many people download addons containing trojans or go to unsecure websites, and then send those addons eve to friends
use of leveling services and such stuff
people often read that others get hacked, and then assume if they get hacked themselves, it's Blizzards fault, not theirs, and thus they don't learn
trusting the authenticator too much, thinking nothing can ever happen if they have one
And so on. I'm a programmer, and obviously know computers and the internet fairly well. I never got hacked in WoW and need no authenticator either. The whole term "my WoW account got hacked" is kinda silly, since they're not actually hacked. The players simply are not acpable of keeping their information to themselves.
WoW attracts many people who don't have much experience with the internet or gaming, and thus ain't used to phising or trojans or simply keeping their passwords save
many people give their passwords to friends ("I can't participate in the raid today, please play my char for me, here is the password")
many players are very young and easily fall for traps. They see a youtube video saying "go to this website and login to play cataclysm" and they do it. Or read a mail saying "login here or your account gets banned" and they do it
many people download addons containing trojans or go to unsecure websites, and then send those addons eve to friends
use of leveling services and such stuff
people often read that others get hacked, and then assume if they get hacked themselves, it's Blizzards fault, not theirs, and thus they don't learn
trusting the authenticator too much, thinking nothing can ever happen if they have one
And so on. I'm a programmer, and obviously know computers and the internet fairly well. I never got hacked in WoW and need no authenticator either. The whole term "my WoW account got hacked" is kinda silly, since they're not actually hacked. The players simply are not acpable of keeping their information to themselves.
Quoted for ABSOLUTE TRUTH.
Nothing on the internet should surprise me anymore, but it's just outrageous the number of people in this thread and elsewhere who think that someone or some group has "hacked into Blizzard's account database" and that's why there are so many compromised accounts. While I cannot state that this is 100% impossible, it is so far outside the realm of probability that you would actually sound more intelligent blaming Martians for the hacked accounts.
Everyday there seems to be someone complaining about getting hacked. I even know a guy in real-life that has been hacked. I'm assuming that it's because of the third party add-ons that are "required" to play, but is that the reason or is there something else?
I don't get this. This my sound elitist, but you have to be a PC security doofus to get your PC infected through a lua script addon.
People that have been "hacked" and say they haven't played WoW for "X" numbers of years were not hacked. They received an e-mail saying that the WoW account they have has been compromised or suspected to be involved in RMT and that steps will be taken to ban or suspend the account unless they verify it by clicking some links in the e-mail.
They do not think any further and go "Holy shit my account was hacked!". Some people don't care and don't follow further. While others do not hesitate to click the links and try to verify the accounts and that's when they really get hack. After that they freak out and say i'm really internet savy don't buy gold have anti-virus and whatever installed on my PC and I am hacked proof, therefore it must be blizzard fault. If you have any kind of doubt about your account log-in to it thru www.worldofwarcraft.com nowhere else.
I have had my WoW account hacked twice and both time it was because of me. And no I didnt buy gold or click stupid link or try to use hacks. I won't go into details but if you get hacked it's all on you.
Finally, Blizzard does not issue warning when they close an account they close it. You will get an e-mail saying that the account is permanatly close and the reason why.
So why do so many people get hacked in WoW because they think they know everything about everything and therefore cannot be hacked while getting hacked can be pretty easy specially when you think you are the best interweb expert on the planet.
Another thing of note is to imagine how many people use (or have used) thottbot. It was probably the most popular site to get WoW information. These days there are several other choices, but anybody who's played vanilla WoW or BC would probably head to thottbot first when they return to the game.
About a month ago I went to thottbot and my kaspersky popped up, saying it blocked one of the ads on thottbot from executing certain malicious scripts. So just imagine for 1 second how many WoW players use thottbot, and how many non-tech savy individuals out there that don't have a decent AV software, went on thottbot and got infected? They wouldn't even know it unless they have an updated AV software installed. Once a keylogger or other backdoor spyware got installed, that's all she wrote, that's all they needed to start collecting login information.
I'm sure thottbot's site owners didn't do this on purpose, it was simply one of the ads that paid them money to get a spot on the site. Credit them, they took the malicious ads down. But everybody always thinks sites that are legit are completely safe when they are not. People go around talking about how certain sites/addons have a good reputation, so they're 100% safe and there's nothing you need to worry about. I can imagine quite a few WoW players got infected by the malicious ads on thottbot when they were up.
Bottom line is, crap happens, and yes it can happen to some of the most reputable or well known sites. The scammers are trying multiple ways to obtain your information, ranging from emails, to ingame chats, to malicious online ads, to forum links that link to keyloggers, etc.. there are just too many ways to mention. I get a scammer tell every single day on my characters, always someone wanting me to login to a site to either claim a reward, to get the cataclysm beta key, or to answer a petition/survey.
The reason they are still doing it on a daily basis today is because they are indeed succeeding. Even if 1% of WoW users fall for it, 1% of 2 million North America subscribers fall for it, that is still 20,000 accounts. That's still *a lot* of accounts. And it's a generous figure saying only 1% got scammed, and 20,000 is only 1% of 2 million last known NA number. This isn't counting the numbers in Europe or Asia. So for people to say these many users getting "hacked" must mean Blizzard's database was compromised, really? If you do the math, this is much like all those viagra spam emails, where they get 1% conversion rate and still making $200k a year doing nothing but sending out spam. It really is not too far fetched to imagine that 1% of WoW players would fall for these scam tactics, or somehow unknowingly got infected by online ads.
People don't practice safe internet. . This includes me. I did something stupid and got hacked. I downloaded a mod from wowinterfaces, i think thats the name. I noticed it was an .exe but I figure, wowinterface is safe. Wrong. . And people give out their passwords to people who they think are their friends. . And people respond to those fake blizzard phishing emails. . etc, etc.
Security at Blizzard is fine. People's accounts are easily traceable with all the info on the web. Inactive accounts are the big target cuz they're the least noticeable target. The scammers phish them, spam in chat. Get these abandoned accounts banned, then it's a whole mess for someone.
Explain to me how one would 'phish' an inactive account.
People that have been "hacked" and say they haven't played WoW for "X" numbers of years were not hacked. They received an e-mail saying that the WoW account they have has been compromised or suspected to be involved in RMT and that steps will be taken to ban or suspend the account unless they verify it by clicking some links in the e-mail.
They do not think any further and go "Holy shit my account was hacked!". Some people don't care and don't follow further. While others do not hesitate to click the links and try to verify the accounts and that's when they really get hack. After that they freak out and say i'm really internet savy don't buy gold have anti-virus and whatever installed on my PC and I am hacked proof, therefore it must be blizzard fault. If you have any kind of doubt about your account log-in to it thru www.worldofwarcraft.com nowhere else.
I got a single email from Blizzard. The 2 links in the email were to www.worldofwarcraft.com. Seemed pretty legit to me.
So why do so many people get hacked in WoW because they think they know everything about everything and therefore cannot be hacked while getting hacked can be pretty easy specially when you think you are the best interweb expert on the planet.
That's just it. Nobody's claiming to 'know everything about everything'. I'm saying, my account was hacked, my friends' accounts were hacked, we've never had problems in the hundreds of similar Internet-based things we do (many of which are as popular as WoW), and we don't believe the problem was initiated from our side.
Yet out here, we're instantly 'stupid', 'careless', 'clueless', a 'simpleton', etc. when we suggest that just MAYBE, it's Blizzard that has the problem here. Heaven forbid...
For the record, I have no problem with the CS group at Blizzard, they quickly restored my account to me (even though I'm not actively subscribed), and I haven't logged into the game since.
Suspend your disbelief for a moment and consider if it wasn't my computer/client that was compromised. My account name was different than my email address. What other exaplanations for my account being broken into can you reasonably come up with?
So I know this has been said many times so far in this thread and people aren't reading so maybe I will be one of those that says it again.
When you get an e-mail that says you are suspended for spamming, using 3rd party programs, etc., then chances are that the e-mail was sent by the potential person who wants to steal your account information. By clicking on the link in the e-mail you are going to that potential person's website that is disguised to look like Blizzard's. When, you put in your log-in information you are giving them your information that allows them to log into your account.
So, really, you aren't being "hacked". You are just tricked or fooled into giving away your information.
I fell for this trick myself as I got an e-mail telling me that my account was in jeopardy of being suspended for spamming real money. I clicked on the link and put in my log-in information to find out more details. Later on, I found everything on my characters were missing. Fortunately, I went straight to Blizzard's site and shut down that account.
People are being hacked because the "evil" websites are very convincing and if you don't know what you're doing then it's easy to get fooled. I've learned my lesson. From now on, when I get an e-mail telling me that I've been suspended or violated some part of the game I don't click on the link. First thing I do is log into the game to see if I'm in "jail" or if I can log in. Or, I manually type in the correct address (not clicking on any links) to the home page of the game's website and then go into my account from there. Never had a problem with being hacked or fooled or tricked again.
My WOW account got hacked. I have never used addons, I use a seperate laptop to web surf and check e-mail. I have never shared my account info with anyone.
I have never added Blizz to my safe senders so all goes to spam which I delete. Someone please explain how I got hacked.
Also someone in our guild got hacked after they got the authenticator ( they must produce the pet on demand for GV access)
Comments
It's a mix of things really, as has been said, WoW is an easy target because of the huge number of people playing it. Carelessness surely plays a part as well.
And i doubt it is because of battle.net, could be your browser was exposed when you converted to bnet, or some other reason, but i doubt it's because some 'hacker' have access to the bnet servers/account database as some people seem to think. Me and some of my friends converted to bnet as soon as was possible and i've never been "hacked".I also never ever click any wow related links in emails. Also never ever post your bnet email address on a public forums, which ALOT of people are doing, just check how many have that little email icon under their name at the mmo-champion forums for example!
To stay safe there are a few easy things you can do, Firefox +noscript is a given, then a firewall, and some anti spyware software like Spybot S&D, and voila as long as you don't do anything stupid like running an executable to install some addon then the chances you will lose your account are very slim.
While I did not read through this whole thread as a computer security professional I will tell everyone why and how their accounts get hacked.
1. WOW is just like Microsoft windows it's the white whale of online games. There are a lot of captain Ahab’s out there looking to slay the Moby dick of online games for fun and profit.
2. There a lot of players that just don't know much about computer security. They use names or words found in a dictionary as a password. They don’t' keep their firewall and virus software up to date. They respond to phasing attempts who hasn't gotten those tells telling you to go here and update your account info lately. Oh and please don’t' follow links to unknown websites on the wow forums it's a good way to download a key logger or Trojan.
3. People that don't buy the authenticator really it's cheap and makes it much harder to hack your account not imposable but very hard.
I would be surprised if Blizzards account database has been hacked it would be behind more than a few firewalls and they would have network packet snuffers installed looking for any number of hacking attempts. One thing is for sure hacking Blizzards account database would be costly and take some time not imposable though.
What can people do to protect themselves?
1. Buy the attenuator it does make hacking the account very hard.
2. Use a passphrase as a password. Like I<32PlayWoW don’t' use this but you get the idea.
3. Stay away from websites you are unsure about. Websites can download a key logger onto your computer. Mostly they are links to videos or game info found in the wow forums.
I hope this helps
There are alot of conflicting opinions from a few people who say and seem to know what they are talking about I'm kind of inclined to agree with this though. I played WoW from launch til a bit after TBC which was before this battle.net switch and I have never recieved an email about WOW period. I don't know much about computers but I know if someone is foolish enough to just trust that a company won't do something is someone asking to get dealt with. Someone already pointed out some of the numerous examples of companies gone wild so I don't feel the need to add to it.
Even without much knowledge about the net I can see the lunacy in using an email address as a sign in where people can conceivably find things out about someone, I've never done anything illegal but I have certainly gotten my fair share of unoffered information on people simply by knowing an email address.
I think a simple way to do some figuring as well is to simply look at the events taking place around the time of the increase in compromised accounts and I would think there is going to be some event pointing to how and why this is happening because around the time I had any interest in WOW this was not going on as much as it seems to be now. Oh and one other poster mentioned people playing on private WOW servers I've never done that either.
but yeah, to call this game Fantastic is like calling Twilight the Godfather of vampire movies....
Add-Ons have so little to do with it.
That's just the easiest thing to pick on. It's seriously just bad security protocol from users. The emails they sign on with and the passwords they choose. That's why the Authenticator work, it adds that extra bit of encryption.
I kill other players because they're smarter than AI, sometimes.
^^
Hackers love to target mass amounts of people, because they know they have the best chance at success when targeting games with tons of players. Gamers are not always tech savy, and even the most careful people make mistakes sometimes. It only takes one mistake for you to get hacked. And well, when you have tons of players in WoW, you are bound to have more people who are not careful, not tech/internet savy, and many simply don't know the difference between a fake phishing email vs a real one.
People get an ingame tell from Blizzadmin saying they need to go online to respond to a survey/ticket, or to collect an ingame reward, I know there are people who fall for that kind of stuff. While it's an obvious scam attempt to many of us, to many others they just don't know the difference.
Cata beta is a big one right now, because a lot of people want to get into the beta to get a sneak peak of the upcoming expansion. I've seen lots of phishing attempts as well as ingame tells about getting a beta key.
3rd party addons are usually safe except for ones that have an ingame browser that can execute scripts. Also what's unsafe is to download some program to update your addons for you. To me that's just laziness and asking for trouble.
All in all, scammers aren't doing anything different in WoW than what they do for other things. You see phishing emails from your favorite bank all the time, asking you to login to do something. You see emails that want to give you a $50 gift certificate to a retail store, all you got to do is login to your amazon or ebay account. Scammers used to only target real life information such as bank accounts, credit card numbers, identity such as ss and driver's license #'s, etc.. But lately they've found it to be profitable to hack WoW accounts, so they're doing so now too.
EQ1-AC1-DAOC-FFXI-L2-EQ2-WoW-DDO-GW-LoTR-VG-WAR-GW2-ESO
I find it hard to believe Blizzard's security is worse than some F2P outfit with 30 employees. Less savvy people get hacked and WOW is loaded with people that aren't savy on the web.
You'd figure if the security was so bad, major guilds with REALLY valuable toons would be getting stolen left and right=) Not happening is it?
Two more for the 'Users are stupid, it's obviously their fault' chorus. Have you read the messages in this thread at all, or are you just spewing your uninformed generalizations about hacking? The sheer numbers of accounts being hacked should be an indication that you're barking up the wrong tree.
I didn't get hacked from my end. I'm virus/trojan/3rd-party-add-on free. I don't answer phishing emails; in fact, I can't recall ever having received any. I run my browser in paranoid/secure mode.
I never respond to anything web-related ingame. In fact, it's ridiculous to even suggest this as a possible cause for these hacked accounts; nobody I know is stupid enough to fall for that junk - we've been playing these things since the late 90's, believe me, we've seen it all.
Nope Nope Don't use anything like that.I run the generic WoW UI with no 3rd party add ons. This account was dormant for MONTHS before it suddenly got banned for illegal ingame activity, and had barely been accessed at all in the past few years.
Yet my my email accounts, my dozens of other online accounts at stores, online games, message boards, etc have never been hacked. If it was so easy to do, and I'm such a stupid user, why wouldn't these be targeted?
This is probably the 3rd of 4th time I've seen a thread like this pop up out here, because there's clearly an issue with account security in this particular online game. Yes, a small % of accounts can surely be hijacked through scams and such, but this is clearly not the case here - the volume of accounts being compromised is ridiculously large. I'm generally not much of a 'conspiracy theory' guy, but in this case I'm inclined to think that it's something either at Blizzard corporate itself, or some exploitable weakness in their authentication system that's causing this. Hopefully they'll get it buttoned up soon.
You are assuming as much as anybody else is assuming otherwise. So since we're all assuming, there's no need to get all smartass about it. Is it possible a company can have its customer login database exploited? Yes, sure it's possible. Do we know for sure this is what happened? No. Is it likely this is what happened? I doubt it, because passwords are encrypted so at the most a hacker would get the usernames/email address, they'd still need to obtain the password somehow.
But hey, anything can happen. Maybe it's made of cheese who knows. But while we're all just assuming and speculating, please don't act like you know any more than anybody else.
EQ1-AC1-DAOC-FFXI-L2-EQ2-WoW-DDO-GW-LoTR-VG-WAR-GW2-ESO
Honestly, if anyone thinks there's one overarching reason (save for the sheer amount of targets the game has) why all the people have been hacked, they're being a simpleton.
I'm not here to complete my forum PVP dailies.
I hate posting long posts that your average 4chan troll (Not you Josher, just in general) think is too long to read.
Let me sum it up.
Security at Blizzard is fine. People's accounts are easily traceable with all the info on the web. Inactive accounts are the big target cuz they're the least noticeable target. The scammers phish them, spam in chat. Get these abandoned accounts banned, then it's a whole mess for someone.
The gear doesn't matter so much, but it's a perk if you run across it as a scammer.
I kill other players because they're smarter than AI, sometimes.
Hacking is taking a new turn. There is much less brute force attacks now. Go attend an IT Security conference and you'll find that almost all hacking is now malware attempts. Google, along with about 30 other large companies, was hacked early this year.
These hacks are hard to crack, they use obfuscated code (basically code within code, within code.) It can be hidden in a web link, files, ims, or email. Once the code goes to work it will most likely run in the background. In the case with Google it ran a internet browser in a 1x1 pixel window. You couldn't see the browser doing all the requests. This isn' t the case for just big corporations, its for everything. Once you are hacked you could end up going to your bank's website and code will run that alters the login. The site looks legit. The certficate looks legit. However, you login and it's not your bank.
Also, spoofing is so easy to use and get large number of people that aren't internet savy. I've got one of those Cataclsym beta emails. It looks pretty legit. How many people do you think followed the link and tried to activate the beta on their account? Probably way too many. People also get scared easily. You get the spam message supposedly from Blizzard telling you that an uknown IP range has attempted to login to your account. Please login and reset your password, use the link below. OHNOES, I'm hacked. Let me reset my password. I'm sure that happens a ton of times.
Edit - For the guy above saying he is malware/virus free. Google and 30 other companies thought so too. Anti-virus programs can't deal with obfuscated code, java code running instead another instance of java, all from a pdf. There are large shops setup in Russia that sell this type of code. They will tailor it to your needs. It's becoming harder and harder to stop. Perhaps Blizzard got hacked, but maybe they didn't. Maybe you are hacked and your computer is part of some huge WoW zombie botnet network. I forgot the figures now, but the number of consumer PCs that are part of botnet is supposed to be an extremely high percentage now. These numbers have more than doubled, more like quadropled in the past 2 years.
Blizzard has customer support through phone.
I know first hand they use outsourcers for there customer support through phone as well as their "own" call centers.
people who work in call centers:
students part time
housewifes
ex-hoars
ex cons
drug addicts
get a 2 week introduction for tech support, 3 week for admin, additional 2 days foe fulfillement support and your ready to call
youreself a 1st level supporter.
student, housewife, ex-hoar, ex-con, drug addict all have access to your account info.
put one and one together.
there you go.
The wave of stolen accounts currently goes through several MMOs. WoW, Aion, RoM...
Btw, in RoM you can type in your password by clicking letters/numbers on your screen. Most of the stolen accounts had the same login information for forums as for the game, it seems.
A hard time for MMOs.
Quite simply, the reason so many on WoW get hacked is the median age of the players which has become much lower, the high profit margin for the hackers, and the vast amount of players which raises the odds in the hacker's favor...
It's simple why so many people get hacked.
WoW attracts many people who don't have much experience with the internet or gaming, and thus ain't used to phising or trojans or simply keeping their passwords save
many people give their passwords to friends ("I can't participate in the raid today, please play my char for me, here is the password")
many players are very young and easily fall for traps. They see a youtube video saying "go to this website and login to play cataclysm" and they do it. Or read a mail saying "login here or your account gets banned" and they do it
many people download addons containing trojans or go to unsecure websites, and then send those addons eve to friends
use of leveling services and such stuff
people often read that others get hacked, and then assume if they get hacked themselves, it's Blizzards fault, not theirs, and thus they don't learn
trusting the authenticator too much, thinking nothing can ever happen if they have one
And so on. I'm a programmer, and obviously know computers and the internet fairly well. I never got hacked in WoW and need no authenticator either. The whole term "my WoW account got hacked" is kinda silly, since they're not actually hacked. The players simply are not acpable of keeping their information to themselves.
Let's play Fallen Earth (blind, 300 episodes)
Let's play Guild Wars 2 (blind, 45 episodes)
Quoted for ABSOLUTE TRUTH.
Nothing on the internet should surprise me anymore, but it's just outrageous the number of people in this thread and elsewhere who think that someone or some group has "hacked into Blizzard's account database" and that's why there are so many compromised accounts. While I cannot state that this is 100% impossible, it is so far outside the realm of probability that you would actually sound more intelligent blaming Martians for the hacked accounts.
They are morons.
ROFLMAO
People that have been "hacked" and say they haven't played WoW for "X" numbers of years were not hacked. They received an e-mail saying that the WoW account they have has been compromised or suspected to be involved in RMT and that steps will be taken to ban or suspend the account unless they verify it by clicking some links in the e-mail.
They do not think any further and go "Holy shit my account was hacked!". Some people don't care and don't follow further. While others do not hesitate to click the links and try to verify the accounts and that's when they really get hack. After that they freak out and say i'm really internet savy don't buy gold have anti-virus and whatever installed on my PC and I am hacked proof, therefore it must be blizzard fault. If you have any kind of doubt about your account log-in to it thru www.worldofwarcraft.com nowhere else.
I have had my WoW account hacked twice and both time it was because of me. And no I didnt buy gold or click stupid link or try to use hacks. I won't go into details but if you get hacked it's all on you.
Finally, Blizzard does not issue warning when they close an account they close it. You will get an e-mail saying that the account is permanatly close and the reason why.
So why do so many people get hacked in WoW because they think they know everything about everything and therefore cannot be hacked while getting hacked can be pretty easy specially when you think you are the best interweb expert on the planet.
Another thing of note is to imagine how many people use (or have used) thottbot. It was probably the most popular site to get WoW information. These days there are several other choices, but anybody who's played vanilla WoW or BC would probably head to thottbot first when they return to the game.
About a month ago I went to thottbot and my kaspersky popped up, saying it blocked one of the ads on thottbot from executing certain malicious scripts. So just imagine for 1 second how many WoW players use thottbot, and how many non-tech savy individuals out there that don't have a decent AV software, went on thottbot and got infected? They wouldn't even know it unless they have an updated AV software installed. Once a keylogger or other backdoor spyware got installed, that's all she wrote, that's all they needed to start collecting login information.
I'm sure thottbot's site owners didn't do this on purpose, it was simply one of the ads that paid them money to get a spot on the site. Credit them, they took the malicious ads down. But everybody always thinks sites that are legit are completely safe when they are not. People go around talking about how certain sites/addons have a good reputation, so they're 100% safe and there's nothing you need to worry about. I can imagine quite a few WoW players got infected by the malicious ads on thottbot when they were up.
Bottom line is, crap happens, and yes it can happen to some of the most reputable or well known sites. The scammers are trying multiple ways to obtain your information, ranging from emails, to ingame chats, to malicious online ads, to forum links that link to keyloggers, etc.. there are just too many ways to mention. I get a scammer tell every single day on my characters, always someone wanting me to login to a site to either claim a reward, to get the cataclysm beta key, or to answer a petition/survey.
The reason they are still doing it on a daily basis today is because they are indeed succeeding. Even if 1% of WoW users fall for it, 1% of 2 million North America subscribers fall for it, that is still 20,000 accounts. That's still *a lot* of accounts. And it's a generous figure saying only 1% got scammed, and 20,000 is only 1% of 2 million last known NA number. This isn't counting the numbers in Europe or Asia. So for people to say these many users getting "hacked" must mean Blizzard's database was compromised, really? If you do the math, this is much like all those viagra spam emails, where they get 1% conversion rate and still making $200k a year doing nothing but sending out spam. It really is not too far fetched to imagine that 1% of WoW players would fall for these scam tactics, or somehow unknowingly got infected by online ads.
EQ1-AC1-DAOC-FFXI-L2-EQ2-WoW-DDO-GW-LoTR-VG-WAR-GW2-ESO
People don't practice safe internet.
.
This includes me. I did something stupid and got hacked. I downloaded a mod from wowinterfaces, i think thats the name. I noticed it was an .exe but I figure, wowinterface is safe. Wrong.
.
And people give out their passwords to people who they think are their friends.
.
And people respond to those fake blizzard phishing emails.
.
etc, etc.
Well shave my back and call me an elf! -- Oghren
Explain to me how one would 'phish' an inactive account.
That's just it. Nobody's claiming to 'know everything about everything'. I'm saying, my account was hacked, my friends' accounts were hacked, we've never had problems in the hundreds of similar Internet-based things we do (many of which are as popular as WoW), and we don't believe the problem was initiated from our side.
Yet out here, we're instantly 'stupid', 'careless', 'clueless', a 'simpleton', etc. when we suggest that just MAYBE, it's Blizzard that has the problem here. Heaven forbid...
For the record, I have no problem with the CS group at Blizzard, they quickly restored my account to me (even though I'm not actively subscribed), and I haven't logged into the game since.
Suspend your disbelief for a moment and consider if it wasn't my computer/client that was compromised. My account name was different than my email address. What other exaplanations for my account being broken into can you reasonably come up with?
So I know this has been said many times so far in this thread and people aren't reading so maybe I will be one of those that says it again.
When you get an e-mail that says you are suspended for spamming, using 3rd party programs, etc., then chances are that the e-mail was sent by the potential person who wants to steal your account information. By clicking on the link in the e-mail you are going to that potential person's website that is disguised to look like Blizzard's. When, you put in your log-in information you are giving them your information that allows them to log into your account.
So, really, you aren't being "hacked". You are just tricked or fooled into giving away your information.
I fell for this trick myself as I got an e-mail telling me that my account was in jeopardy of being suspended for spamming real money. I clicked on the link and put in my log-in information to find out more details. Later on, I found everything on my characters were missing. Fortunately, I went straight to Blizzard's site and shut down that account.
People are being hacked because the "evil" websites are very convincing and if you don't know what you're doing then it's easy to get fooled. I've learned my lesson. From now on, when I get an e-mail telling me that I've been suspended or violated some part of the game I don't click on the link. First thing I do is log into the game to see if I'm in "jail" or if I can log in. Or, I manually type in the correct address (not clicking on any links) to the home page of the game's website and then go into my account from there. Never had a problem with being hacked or fooled or tricked again.
My WOW account got hacked. I have never used addons, I use a seperate laptop to web surf and check e-mail. I have never shared my account info with anyone.
I have never added Blizz to my safe senders so all goes to spam which I delete. Someone please explain how I got hacked.
Also someone in our guild got hacked after they got the authenticator ( they must produce the pet on demand for GV access)
Haradek Shadowstalker
EQ,EQII,SWG,AO,DAOC,Planetside,COH,WOW