Can anyone tell me how the email address I use for this account has been obtained by spammers? I've only ever used this email address for this web-site, I have my email address set to private in the settings, yet today I got an email purporting to be from billing@blizzard.com saying:
Hello,
This is an automated notification regarding your World of Warcraft account. Your account options was recently modified through the Account Management website.
If you made this change to your subscription type, please disregard this automatic notification.
*** If you did NOT make any changes to your account or subscription, we recommend you login to Account Management at the following link to review your account settings:
http://www.worldofwarcraft.com/billing/
As far as I can see, my email was either scraped, stolen or sold from mmorpg.com.
Comments
*Grabs some popcorn*
Everyone's email address here is readily available for any human and most web crawling 'bots'.
It's {member name} @mmorpg.com. All a bot has to do is be programmed to look for the member's name in specific areas of the site's forum formatting. The only way to prevent retrieval from that is to never post in the forums.
I get those Blizzard Spam Emails on a weekly basis.. nothing you can do execpt not get sucked in & send em your WOW info
We are seeing this a lot in the past month or so. I have looked into your account and your address follows the same pattern. It has the format mmorpg@<whateverdomain>.com. You likely made this account with "mmorpg" at your favorite mail domain because it would relate to our site. However, this is obviously a common acronym.
So what the phishing scumbags are doing is taking common words like "mmorpg", "mmo", "mmog" or whaver and then appending it against all the registered domains in the world (public record).
While our system was hacked back in 2007 (which we announced in our news to warn our community) we have not had any such breach since to our knowledge. After that attack we drastically upped our security and database isolation. Luckily about the most private data we have here is peoples email - we don't store anything else that would really be considered private data.
Rest assured we do everything we can do protect our site and would never in ten billion years give or sell your information to anyone.
- MMORPG.COM Staff -
The dead know only one thing: it is better to be alive.
ohhhh. That address! All I can say is I have never recieved any spam on the address I used to register at MMORPG.com in over six years. I have also never used that address for any game or forum. I have also only received 2 spam mails at the MMORPG.com address in that time period.
Thanks, that's a reasonable (and rapid) explanation.
I've had this problem from certain sites (such as Open Office and eMusic). I'm happy to accept the issue here was my poor choice of email address.
Thanks again.
I would recommented that you not reply to those email spams. I get that on a daily basis. The first few time I recieved that, I was wondering why Blizzard would send such a mail to me. Than I made the mistake of replying. Guessed what followed? My WoW acct was hacked and believed to be sold to an online acct buyer. They changed all the infor on my acct and basically blocked me out from using it. Since I've already quitted WoW for almost a year now, I don't feel the need to reclaim that acct. So I guessed at this moment, whoever brought my acct is probably playing it and lvling my toons for me. With that acknowledge, if I ever do want to jump back on WoW again, I'll just have to call up Blizzard support and fax in my ID and the acct keys and I should get my acct back with my toons all geared up and lvled. hehe I hope.
So yeah, DO NOT reply to those email spams.
Yeah as long as your email is somewhere on the internet on a site with games, you will end up getting fake emails about any game possible that you could be playing as long as it is popular. Most of the time wow.
Well, as far as I can tell the MMORPG.com mailing list has been exposed somehow.
I only use this e-mail address for this site (one of the advantages of being a mail admin - most of the time if I get spam I can just drop the related e-mail address). It hasn't been used anywhere else and I don't think I've even posted here before.
Since the 31st of July I've gotten five phishing e-mails on it. Might be time for another e-mail address replacement.
Happens.
Robert
It's really quite simple. Nothing has been "exposed" or hacked or anything. You know those jackass spammers that always seem to show up around the weekend, as well as a few during the week?
All they do is start clicking on names and sending PM's. Or they just copy down your user names, as everyone's mmorpg.com e-mail is (username)@mmorpg.com
-Letting Derek Smart work on your game is like letting Osama bin Laden work in the White House. Something will burn.-
-And on the 8th day, man created God.-
Same. Got 5 or 6 phishing attempts about my "WoW Acct" from people pretending to be Blizzard.
Too bad I don't have a WoW acct.
All in about that timeframe (or a few days before) too.
Wrong.
I am getting stuff send to my web mail, the address for which, the people at MMORPG.com send me stuff. That adress is not listed publically, and is only available to MMORPG.com staff.
So, my guess is there has been a security breach of some sort.
There are myriads of discussions, security notifications, white papers, and black-hat presentations floating around out there if you really want to know how such things are done.
I get those all the time on e-mail accounts I never used for either here or for WoW or any other mmo.
You do know that obtaining e-mail lists from ISPs is fairly simple for a second-rate hacker, right?
Also, this is one reason I do NOT use a wireless connection EVER.
-Letting Derek Smart work on your game is like letting Osama bin Laden work in the White House. Something will burn.-
-And on the 8th day, man created God.-
That may be so, but like the other guy, I have received 5 or 6 in the last 10 days, to the email address I use only for a couple things, and several other people are posting about the same thing. Plus, MMORPG.com had a security breach in 2007 that was a compromise of user info, so it could be happening here.
Not for certain, but more likely than not, to my mind.
Because it happened 3 years ago its more likely then not? What kind of logic is that? If the incident in 2007 wasnt resolved back then, it wouldnt take 3 years for it to happen again. So its more likely that the 2007 incident has nothing to do with this.
Nowadays with so many ppl using websites like facebook you dont have to hack websites anymore to get hold of emailadresses.
True, I remember the breach in '07. I seem to recall some infected ads even before that.
I won't entirely discount it being possible that mmorpg.com was compromised. I just think other avenues should be considered as well.
-Letting Derek Smart work on your game is like letting Osama bin Laden work in the White House. Something will burn.-
-And on the 8th day, man created God.-
I'd expect that PMs or e-mail sent to Swynwraig@mmorpg.com (if that works) would have headers or footers saying "this is a PM from a member at MMORPG.com". I'd also expect that mail turning up that way would be coming from a mmorpg.com SMTP server, whereas these are coming from hotmail directly to my subscribed e-mail address.
Maybe the e-mail address was guessed or exploited out of my own e-mail server, but then I'd expect Blizz related phishing on the myriad other e-mail addresses I use (including the one for actuall Blizzard e-mail).
I had something similar happen with a pile of business mailing lists I was subscribed to earlier in the year. A whole lot of them were using aweber.com and sure enough a few days later I find:
http://www.problogger.net/archives/2009/12/20/has-aweber-been-compromised-reports-of-spam-going-to-aweber-lists/
EDIT2: Alright time flies, maybe last year.
EDIT: Normally I just don't care about spam, but for some reason these ones aren't being picked up by Spamassassin so I notice them. It's not a big deal for me regardless of how the spammers got the e-mail address. I'll just change it to a new one in a few weeks (when hopefully if there is a leak it'll have been fixed).
I make up a new username and password for every new account. I never use actual words anymore. I only do that for forum display names. But those are never related to account or email adresses. It would be the easiest way of datamining otherwise for someone to retrieve my personal info.
Nah I have been getting two spams from emails only used here on MMORPG.com to try to compromise non existant WoW accounts. Speculative phishing what is annoying it is this site they have got the addresses from.
________________________________________________________
Sorcery must persist, the future is the Citadel
bleh, i got a phishing email this week too and my username is not the same as my email address... I don't even have a WoW account tied to the email I use here anymore and haven't for over a year. This is pretty annoying as I value my internet privacy. So yeah I am thinking about deleting my account, haven't decided yet but I probably will. I hardly ever post anyway and just lurk.
I get WoW phishing e-mails on my hotmail account. I've never had a World of Warcraft account or anything. We've looked into this issue and as far as I know there has not been a breach of security. Most of the users reporting this issue (receiving spam emails on an address they only used to register on our site) typically have mmorpg somewhere in the e-mail address itself and as Craig pointed out earlier, spammers are probably just hitting e-mails like this on a variety of domains.
Well since my email is different than @mmorpg it makes me wonder how they got mine. Makes me wonder since I only give that email address out to reputable online stores (Amazon, Newegg, and Ebworld) or mmo games, and this site if someone is selling information to these scammer peeps, it is probably Sony.
Yeah, I am getting the spam too. Both here at my @mmorpg.com email and the one I originally registered with mmorpg.com. So I am suspicious. It's duplicate spam at each account...
Okay, this has got to be one of the worst I've gotten in ages:
Greetings!
In order to make our servers more efficient, we are taking the time to remove inactive accounts. We are mass mailing all email addresses registered to World of Warcraft accounts to target those that are inactive. If you are currently active in the World of Warcraft, or plan on picking up where you left off the in the future, please continue reading. If you do not foresee yourself ever rejoining us, please disregard this message.
Please take a moment and login to your Battle.net Account to verify and maintain your enjoyable gameplay experience.
Be sure to tell all of your friends and guildmates to check their email, as we want to make sure all active accounts remain playable.
Thank you for your time and attention to this matter, and your continued interest in World of Warcraft.
Sincerely,
Account Administration
Blizzard Entertainment
Do they seriously think I am going to believe Blizzard is deleting inactive accounts?