I am not saying there hasn't been an increase. It is also not the first time there has been an increase of response time due to hacked accounts.
It is however the first time as far as I know that Blizzard has instituted a new 'care package' policy in lieu of a complete restoration of your account.
I know back in vanilla wow blizzard offered some sort of "leg up kit" for hacked accounts. I'm just curious what you think this suggests?
I hadn't heard of it before. If you can provide a link or at least some details then that would refute my assertion that this is the first time something like this has happened.
I only remember that EQ called them leg up kits, but I don't recall to much about them in wow. Only remember seeing it once, but I will see if I can email who it happened to and see what details they remember.
This same exact conversation is going on in the aion forums, but then again it is mathematically possible that both companies had major security brake downs and all those players that keep repeating the same security misinformation are right that they are invulnerable to getting hacked. Nice analogy though. It doesn't really change anything, but still a decent analogy.
On the contrary I have said all along that it may not be related to a Blizzard breach of security, only that we can't simply maintain that it MUST be a user created problem. If some new security vulnerability has been found it's quite possible that more than just WoW user accounts would be compromised.
Thanks, I thought you might at least enjoy the analogy.
My gut feeling is that the apparent rise in compromised accounts is the result of WoW account login's being changed from random player created log in names to Actual email accounts.
I don't blame Blizzard for anything other than forcing the change (and a little short sightedness in not seeing this as a potential problem).
I suspect the email addresses have been retrieved from any number of various websites, Free to play's, MMO fansites, tech sites etc of which I am a member of many and signed up for prior to Battlen.net's existance.
I made an error in not creating a brand new email specifically for Battle.net and paid the price.
Blizzard has been totally cooperative and so far the only thing lost has been a couple of hours of my time (which as the current point in my life is pretty worthless).
I am not saying there hasn't been an increase. It is also not the first time there has been an increase of response time due to hacked accounts.
It is however the first time as far as I know that Blizzard has instituted a new 'care package' policy in lieu of a complete restoration of your account.
I know back in vanilla wow blizzard offered some sort of "leg up kit" for hacked accounts. I'm just curious what you think this suggests?
I hadn't heard of it before. If you can provide a link or at least some details then that would refute my assertion that this is the first time something like this has happened.
I only remember that EQ called them leg up kits, but I don't recall to much about them in wow. Only remember seeing it once, but I will see if I can email who it happened to and see what details they remember.
Still, what do you think this proves?
Well unless it was Blizzard that was offering this it doesn't prove much of anything. My assertion is that this particular bout of compromised accounts has hit Blizzard harder than in the past. 4 things make me feel that way now.
1) Blizzard is considering making authenticators mandatory or so has been reported.
2) Blizzard has issued a post on their forums stating that customer support calls have been very high. It has happened before, but it's still unusual for that to happen.
3) Blizzard has started to offer players a "care package" in lieu of a full account recovery. Again even if it's not the first time it is unusual.
4) Inactive accounts are now being compromised and activated, which I hadn't heard of until recently.
While none of these things by themself are proof of anything, taken together it is circumstantial evidence that this is a much bigger problem than what Blizzard has been faced with in the past. And while that doesn't prove that's it's any more likely that it might not be a "user" created problem, I think it's enough to make one consider their might be another explaination no matter how unlikely.
I have never said that it must be a Blizzard security issue and in fact I argued with you on this point earlier. All I'm saying is that it might not be a user created problem as you are assuming. There are other possibilities.
I am not saying there hasn't been an increase. It is also not the first time there has been an increase of response time due to hacked accounts. The posts I was referring to were posts just like this were people get hacked, have no idea how and find some conclusion that absolves themselves of responsibility.
There is an increase in hacked accounts during the time where many people changed their login name to something they have been spreading all over the internet for years. The same login name they most likely use for password recovery services. Was this inspiring by a stupid choice from blizzard, sure. Is it a crystal clear example of users being irresponsible with their login credentials, yes.
Well we all know where to find posts absolving Blizzard of all responsibility dont we?
After reading some of this thread.. i tried loggin on my 2 month in-active account on battle.net. Then it tell's me i need to enter a Battle.net Authenticator code. I never ordered one of their Battlenet authenticator's, and never got a email about anything. I find it weird that if my account got hacked... that someone would order one. Very odd blizzard very very odd..
After reading some of this thread.. i tried loggin on my 2 month in-active account on battle.net. Then it tell's me i need to enter a Battle.net Authenticator code. I never ordered one of their Battlenet authenticator's, and never got a email about anything. I find it weird that if my account got hacked... that someone would order one. Very odd blizzard very very odd..
i have heard of a few cases like that, seems to be mainly a way to slow the recovery of the account.
After reading some of this thread.. i tried loggin on my 2 month in-active account on battle.net. Then it tell's me i need to enter a Battle.net Authenticator code. I never ordered one of their Battlenet authenticator's, and never got a email about anything. I find it weird that if my account got hacked... that someone would order one. Very odd blizzard very very odd..
i have heard of a few cases like that, seems to be mainly a way to slow the recovery of the account.
There's been a bit more than a few cases of it. There's been quite a few cases.
After reading some of this thread.. i tried loggin on my 2 month in-active account on battle.net. Then it tell's me i need to enter a Battle.net Authenticator code. I never ordered one of their Battlenet authenticator's, and never got a email about anything. I find it weird that if my account got hacked... that someone would order one. Very odd blizzard very very odd..
i have heard of a few cases like that, seems to be mainly a way to slow the recovery of the account.
There's been a bit more than a few cases of it. There's been quite a few cases.
They hacked into my account. Attached an authenticator to it so I could not even get into my own account. Its the standard method of operations now. I quit the game before the authenticator existed.
After reading some of this thread.. i tried loggin on my 2 month in-active account on battle.net. Then it tell's me i need to enter a Battle.net Authenticator code. I never ordered one of their Battlenet authenticator's, and never got a email about anything. I find it weird that if my account got hacked... that someone would order one. Very odd blizzard very very odd..
This is exactly what has happened to me as well. My account got hijacked out of nowhere, then I called Blizzard and they supposedly restored my account, but I still get a message that I need to activate the Authenticator for my account. So I guess whoever stole my account put an authenticator onto it also. And now I have to email them back again going through this whole process again!
One funny thing - when I was talking to the support person and he was looking at my account activity during the period when it was compromised, he noted that it was strange because the access was actually occurring in the US and not in China/Asia etc where they usually see IP addresses of hijacked accounts. I'm not saying this would prove that it was an inside job, but it is still very suspicious and strange.
So honestly I have no idea what is going on anymore, I just find the whole situation laughable. LOL! I'm still waiting for some kind of announcement from Blizzard saying "It's possible a large amount of user accounts have been compromised due to a network security breach. We recommend you change your password immediately!"
Originally posted by Pappy13 I have never said that it must be a Blizzard security issue and in fact I argued with you on this point earlier. All I'm saying is that it might not be a user created problem as you are assuming. There are other possibilities.
Ok, we both agree that anything is possible I don't think I was accusing you of making that statement. If that is how it sounded, sorry.
In essence there are 2 ways to get account information.
1) From the account database stored at the company
2) From the user
There really isn't some other place to get it.
There are a few ways to get the information from #1. All very possible, but not very likely all things considered.
There are far more ways to get the information from #2. Either directly or indirectly.
Here are some things that make me believe it is user related
1) This same thread is repeated all the time with the same speculation thrown around. You know what they say about crying wolf.
2) This same thread is happening over on the aion forums right now. Major coincidence?
3) There has been a large influx of hacking efforts and phishing scams lately.
4) Many people changed their login ID to an email address. Many of those email addresses are used in many various non-wow account related ways that are easily accessible. People are basically posting 50% of their login credential for anyone on the internet to take. This really could go on to things such as people reusing the same password all over and things of that nature, but that would be a novel.
5) The lack of understanding many people keep repeating about how they could be compromised and how they think they are safe just further illustrates how misinformed and vulnerable they really are and that there is far more that keyloggers out there. It has been a really long time, but I bet if I had the email address IDs of a few dozen accounts I could into a few accounts just from tooling around the email providers website.
6) The conspiracies that make no sense to justify a company purposefully doing this.
I think it is incredibly stupid for blizzard to make the change to an email address for a login id. What on earth was their reasoning for it I don't know, but that doesn't excuse people from choosing an email address for a login ID that is registered and posted all over the internet. That is like inviting a hacker to try to break into your account.
If someone came here complaining they got hacked after they posted their login name somewhere, would anyone blame blizzard or ncsoft for leaking their information? I doubt it and I'm pretty certain that person would get a ripped a new asshole for being dumb.
P.S. Hacking/reactivating accounts when they become inactive isn't new. Even someone above talked about the blizzard csr admitting that is a favorite tactic of hackers now.
I already warned the mods these posts became pure trolling. "I quit WOW years ago and now I am hacked and I am making wind in the forums about the bad screw up of Blizzard".
Apparently some over here rather want to write 20 useless posts on Blizzard than to pay for ... a 50 cent solution to put an authenticator on their mobile phones. 50 cents and ALL your troubles are over. You didn't install it. Have it your way. And I am quite sure 99.9% of the hacked accounts were ex gold buyers and people using no official virus checkers anyway. Aion doesn't have an authenticator system? Shrug, are there still ANY "normal" players in that game anyway?
Originally posted by Pappy13 I have never said that it must be a Blizzard security issue and in fact I argued with you on this point earlier. All I'm saying is that it might not be a user created problem as you are assuming. There are other possibilities.
Ok, we both agree that anything is possible I don't think I was accusing you of making that statement. If that is how it sounded, sorry.
Apology accepted.
In essence there are 2 ways to get account information.
1) From the account database stored at the company
2) From the user
There really isn't some other place to get it.
Yes there is, potentially anyway.
Let's say that hackers figured out a way to "intercept" your user-id and password combination thru the internet when you log into the game. It's encrypted, but encryption can be broken. I'm not talking about breaking into Blizzard's database and I'm not talking about installing any kind of software on a user's PC. I'm talking about some kind of packet sniffer or something to actually steal the information as it makes its way through the internet. The internet is nothing but a bunch of servers passing the information from 1 place to another. In theory that information could be intercepted and decoded. The encryption is really strong, but people are coming up with ways to break different forms of encryption all the time.
If that were to happen, is that Blizzard's problem? Not really. I don't believe they actually "own" the encryption technique they employ, I could be wrong about that, but I think they use the standard one.
Is that the users problem? Not really. They don't know that it's not a secure connection to Blizzard's servers.
So who is at fault in that scenario? We all assume that it's a secure connection when we are logging into WoW, but is it? How secure is it? And if it's not is it Blizzard's fault or do they just use the common encryption method that all businesses use for private information? And it doesn't necessarily have to be when the user logs into the game. We all have to put in our account information when we want to change something on our account. Perhaps it happens then and not when we are logging into the game. I don't know the particulars of how that security differs from when logging into the game or if it does at all.
Is that far fetched? Yes. Do I think that is what has happened? No. I don't know what has happened. Maybe there's something going on that I don't have any clue about, I'm not a hacker afterall. I just think it's unwise to underestimate the hackers.
Look at it this way. The hackers can compromise 10,000 individuals thru the various forms that we know about today to get access to 10,000 accounts. Or they could compromise 1 database that holds 10,000 accounts of information and get access to 10,000 accounts. Sure it's easier to compromise 1 individual than it is compromise that database, but is it necessarily a lot easier to compromise 10,000 individuals than it is to compromise that 1 database? It probably still is, but....maybe not quite as much easier as we all imagine it to be.
I already warned the mods these posts became pure trolling. "I quit WOW years ago and now I am hacked and I am making wind in the forums about the bad screw up of Blizzard".
Apparently some over here rather want to write 20 useless posts on Blizzard than to pay for ... a 50 cent solution to put an authenticator on their mobile phones. 50 cents and ALL your troubles are over. You didn't install it. Have it your way. And I am quite sure 99.9% of the hacked accounts were ex gold buyers and people using no official virus checkers anyway. Aion doesn't have an authenticator system? Shrug, are there still ANY "normal" players in that game anyway?
The only person here trolling is you.
I posted in this thread to share my related account theft. I know how careful I am when it comes to the security of my PC, I take all the actions I possibly can. I have never bought any kind of currency for any game, I personally think it's rather sad to exchange real money for fake money, and I do believe that there could be people here that have done so, but whatever people do with their own money isn't my concern.
There's only 2 ways that -realistically- someone got my account details:
1) I somehow, from some website (despite having Firefox, Noscript and ABP), got my PC infected with a keylogger/trojan at some point in time when my account was active a few months ago.
2) Blizzard/Battle.net's security has been compromised. As far fetched as that may sound, it's the one I'm obviously hoping for. I remember when CCP got hacked, they had to make everyone change their passwords - they acted quickly, and if Blizzard is in the same boat then they've already reacted too slowly.
After reading some of this thread.. i tried loggin on my 2 month in-active account on battle.net. Then it tell's me i need to enter a Battle.net Authenticator code. I never ordered one of their Battlenet authenticator's, and never got a email about anything. I find it weird that if my account got hacked... that someone would order one. Very odd blizzard very very odd..
Not really. The damn hackers have been pulling that stunt lately. Once they gain access to the account, they just add an authenticator. That keeps other hackers(and the original owner) from changing anything.
One thing to keep in mind, I came back to WoW recently and googled up a bunch of things just to re-learn the game. I noticed a lot of the sites that offer "guides" or useful information are in fact sites that attempt to install a keylogger onto your computer. I've tried to download a mod before, forgot which one, and it came by way of an exe file. So the amount of malicious sites out there for WoW is enormous, and they are often sites you see on the first page of google when you search for something game related.
So when searching for leveling guides, gold farming tips, class info, pvp talents, etc.. be careful which site you browse through. When downloading a mod that seemed cool, or even recommended by some forum user, don't just install it blindly.
When you come upon a site that wants you to login just so you could chat with a pro, or create an account just so they could send you a super secret WoW guidez, you are most likely on a phishing site and being tricked.
WoW is a popular game, and popular games/softwares always get the attention of hackers the most. You won't believe how desperate and creative they get in their attempts to get your account information.
Btw, if this person has bought an autheticator thingy, then doesn't that mean Blizzard has his address? I don't know how they work as they came out just at roughly the same time as I quit (signed up with battle.net for the pet), but a mate told me that you have to purchase it from the store.
Btw, if this person has bought an autheticator thingy, then doesn't that mean Blizzard has his address? I don't know how they work as they came out just at roughly the same time as I quit (signed up with battle.net for the pet), but a mate told me that you have to purchase it from the store.
It can be sent to PO boxes, or store fronts. Various dodges can be used. Given the amount of money that is involved in gold and account sales, people get really creative and sneaky. Not to mention that its rumored that some of the organized crime groups are involved now.
Btw, if this person has bought an autheticator thingy, then doesn't that mean Blizzard has his address? I don't know how they work as they came out just at roughly the same time as I quit (signed up with battle.net for the pet), but a mate told me that you have to purchase it from the store.
Authenticators can also be purchased for mobile devices as electronic downloads.
They are free for certain devices like itouch, etc.
I suppose they could get a new authenticator for each account if they wished.
Oh look WoW has a new bulletin on their front page about how to better secure your account. LOL!
They even list the possible ways that your account may have been stolen under the "Types of Account Theft" section. But they leave out some key types of account theft, what about this case:
"One of our database developers who has access to your login credentials decided to sell your information to a third party so he can purchase a new widescreen HD television."
Oh look WoW has a new bulletin on their front page about how to better secure your account. LOL! They even list the possible ways that your account may have been stolen under the "Types of Account Theft" section. But they leave out some key types of account theft, what about this case: "One of our database developers who has access to your login credentials decided to sell your information to a third party so he can purchase a new widescreen HD television."
Possible, but given the limited number of people with such access, and the logs that are kept, its not too likely.
Oh look WoW has a new bulletin on their front page about how to better secure your account. LOL! They even list the possible ways that your account may have been stolen under the "Types of Account Theft" section. But they leave out some key types of account theft, what about this case: "One of our database developers who has access to your login credentials decided to sell your information to a third party so he can purchase a new widescreen HD television."
Seems very unlikely, considering that a HDTV isn't worth a full-time job and a criminal record.
Oh look WoW has a new bulletin on their front page about how to better secure your account. LOL! They even list the possible ways that your account may have been stolen under the "Types of Account Theft" section. But they leave out some key types of account theft, what about this case: "One of our database developers who has access to your login credentials decided to sell your information to a third party so he can purchase a new widescreen HD television."
Seems very unlikely, considering that a HDTV isn't worth a full-time job and a criminal record.
Well yes I realize that, it's a joke, I'm pretty sure this isn't the actual scenario that played out, I think it was a Blu-Ray player, not an HDTV...
I just want people to realize that there are other ways your account can be compromised. It is not ALWAYS your fault if your account is stolen, but Blizzard will force this shit down your throat, you will all bite the hook and be convinced that if you follow stricter account security practices in the future that this will not happen again!!
I'm sure Blizzard had a big executive meeting about this and they discussed whether it was smarter for them financially to admit they had a security breach, or to just post a bunch of bullshit about how to keep your computers more secure in the future and deal with the increase in customer support calls.
They obviously are choosing to just ignore the problem entirely and deal with all the customer support calls they are going to get.
Oh look WoW has a new bulletin on their front page about how to better secure your account. LOL! They even list the possible ways that your account may have been stolen under the "Types of Account Theft" section. But they leave out some key types of account theft, what about this case: "One of our database developers who has access to your login credentials decided to sell your information to a third party so he can purchase a new widescreen HD television."
Seems very unlikely, considering that a HDTV isn't worth a full-time job and a criminal record.
Well yes I realize that, it's a joke, I'm pretty sure this isn't the actual scenario that played out, I think it was a Blu-Ray player, not an HDTV...
I just want people to realize that there are other ways your account can be compromised. It is not ALWAYS your fault if your account is stolen, but Blizzard will force this shit down your throat, you will all bite the hook and be convinced that if you follow stricter account security practices in the future that this will not happen again!!
I'm sure Blizzard had a big executive meeting about this and they discussed whether it was smarter for them financially to admit they had a security breach, or to just post a bunch of bullshit about how to keep your computers more secure in the future and deal with the increase in customer support calls.
They obviously are choosing to just ignore the problem entirely and deal with all the customer support calls they are going to get.
Obviously you have proof to back up your claims and this ins't just a nerd rage fueled post from someone who had their account hacked and lacks any way to detail how it happened right?
Lucky for blizzard you are keeping the details of what exactly happened a secret.
Oh look WoW has a new bulletin on their front page about how to better secure your account. LOL! They even list the possible ways that your account may have been stolen under the "Types of Account Theft" section. But they leave out some key types of account theft, what about this case: "One of our database developers who has access to your login credentials decided to sell your information to a third party so he can purchase a new widescreen HD television."
Seems very unlikely, considering that a HDTV isn't worth a full-time job and a criminal record.
Well yes I realize that, it's a joke, I'm pretty sure this isn't the actual scenario that played out, I think it was a Blu-Ray player, not an HDTV...
I just want people to realize that there are other ways your account can be compromised. It is not ALWAYS your fault if your account is stolen, but Blizzard will force this shit down your throat, you will all bite the hook and be convinced that if you follow stricter account security practices in the future that this will not happen again!!
I'm sure Blizzard had a big executive meeting about this and they discussed whether it was smarter for them financially to admit they had a security breach, or to just post a bunch of bullshit about how to keep your computers more secure in the future and deal with the increase in customer support calls.
They obviously are choosing to just ignore the problem entirely and deal with all the customer support calls they are going to get.
Obviously you have proof to back up your claims and this ins't just a nerd rage fueled post from someone who had their account hacked and lacks any way to detail how it happened right?
Lucky for blizzard you are keeping the details of what exactly happened a secret.
I'm not keeping anything secret, I think most people who have been following this thread are smart enough to come to their own conclusion, I just want to present my case as a legitimate player who has been completely screwed by this account compromise, and I don't buy the argument that I had a key logger and my credentials were stolen. I think there are a lot of other legitimate players out there who are in the same scenario as me so I'm sorry but I'm going to bitch about it.
You can believe what you want I don't care, but in my case I am completely convinced that this whole thing is complete and total BULLSHIT.
Comments
It is however the first time as far as I know that Blizzard has instituted a new 'care package' policy in lieu of a complete restoration of your account.
http://forums.worldofwarcraft.com/thread.html?topicId=22419024395&pageNo=1&sid=1#8
I know back in vanilla wow blizzard offered some sort of "leg up kit" for hacked accounts. I'm just curious what you think this suggests?
I hadn't heard of it before. If you can provide a link or at least some details then that would refute my assertion that this is the first time something like this has happened.
I only remember that EQ called them leg up kits, but I don't recall to much about them in wow. Only remember seeing it once, but I will see if I can email who it happened to and see what details they remember.
Still, what do you think this proves?
On the contrary I have said all along that it may not be related to a Blizzard breach of security, only that we can't simply maintain that it MUST be a user created problem. If some new security vulnerability has been found it's quite possible that more than just WoW user accounts would be compromised.
Thanks, I thought you might at least enjoy the analogy.
My gut feeling is that the apparent rise in compromised accounts is the result of WoW account login's being changed from random player created log in names to Actual email accounts.
I don't blame Blizzard for anything other than forcing the change (and a little short sightedness in not seeing this as a potential problem).
I suspect the email addresses have been retrieved from any number of various websites, Free to play's, MMO fansites, tech sites etc of which I am a member of many and signed up for prior to Battlen.net's existance.
I made an error in not creating a brand new email specifically for Battle.net and paid the price.
Blizzard has been totally cooperative and so far the only thing lost has been a couple of hours of my time (which as the current point in my life is pretty worthless).
It is however the first time as far as I know that Blizzard has instituted a new 'care package' policy in lieu of a complete restoration of your account.
http://forums.worldofwarcraft.com/thread.html?topicId=22419024395&pageNo=1&sid=1#8
I know back in vanilla wow blizzard offered some sort of "leg up kit" for hacked accounts. I'm just curious what you think this suggests?
I hadn't heard of it before. If you can provide a link or at least some details then that would refute my assertion that this is the first time something like this has happened.
I only remember that EQ called them leg up kits, but I don't recall to much about them in wow. Only remember seeing it once, but I will see if I can email who it happened to and see what details they remember.
Still, what do you think this proves?
Well unless it was Blizzard that was offering this it doesn't prove much of anything. My assertion is that this particular bout of compromised accounts has hit Blizzard harder than in the past. 4 things make me feel that way now.
1) Blizzard is considering making authenticators mandatory or so has been reported.
2) Blizzard has issued a post on their forums stating that customer support calls have been very high. It has happened before, but it's still unusual for that to happen.
3) Blizzard has started to offer players a "care package" in lieu of a full account recovery. Again even if it's not the first time it is unusual.
4) Inactive accounts are now being compromised and activated, which I hadn't heard of until recently.
While none of these things by themself are proof of anything, taken together it is circumstantial evidence that this is a much bigger problem than what Blizzard has been faced with in the past. And while that doesn't prove that's it's any more likely that it might not be a "user" created problem, I think it's enough to make one consider their might be another explaination no matter how unlikely.
I have never said that it must be a Blizzard security issue and in fact I argued with you on this point earlier. All I'm saying is that it might not be a user created problem as you are assuming. There are other possibilities.
Well we all know where to find posts absolving Blizzard of all responsibility dont we?
After reading some of this thread.. i tried loggin on my 2 month in-active account on battle.net. Then it tell's me i need to enter a Battle.net Authenticator code. I never ordered one of their Battlenet authenticator's, and never got a email about anything. I find it weird that if my account got hacked... that someone would order one. Very odd blizzard very very odd..
i have heard of a few cases like that, seems to be mainly a way to slow the recovery of the account.
i have heard of a few cases like that, seems to be mainly a way to slow the recovery of the account.
There's been a bit more than a few cases of it. There's been quite a few cases.
i have heard of a few cases like that, seems to be mainly a way to slow the recovery of the account.
There's been a bit more than a few cases of it. There's been quite a few cases.
They hacked into my account. Attached an authenticator to it so I could not even get into my own account. Its the standard method of operations now. I quit the game before the authenticator existed.
This is exactly what has happened to me as well. My account got hijacked out of nowhere, then I called Blizzard and they supposedly restored my account, but I still get a message that I need to activate the Authenticator for my account. So I guess whoever stole my account put an authenticator onto it also. And now I have to email them back again going through this whole process again!
One funny thing - when I was talking to the support person and he was looking at my account activity during the period when it was compromised, he noted that it was strange because the access was actually occurring in the US and not in China/Asia etc where they usually see IP addresses of hijacked accounts. I'm not saying this would prove that it was an inside job, but it is still very suspicious and strange.
So honestly I have no idea what is going on anymore, I just find the whole situation laughable. LOL! I'm still waiting for some kind of announcement from Blizzard saying "It's possible a large amount of user accounts have been compromised due to a network security breach. We recommend you change your password immediately!"
Ok, we both agree that anything is possible I don't think I was accusing you of making that statement. If that is how it sounded, sorry.
In essence there are 2 ways to get account information.
1) From the account database stored at the company
2) From the user
There really isn't some other place to get it.
There are a few ways to get the information from #1. All very possible, but not very likely all things considered.
There are far more ways to get the information from #2. Either directly or indirectly.
Here are some things that make me believe it is user related
1) This same thread is repeated all the time with the same speculation thrown around. You know what they say about crying wolf.
2) This same thread is happening over on the aion forums right now. Major coincidence?
3) There has been a large influx of hacking efforts and phishing scams lately.
4) Many people changed their login ID to an email address. Many of those email addresses are used in many various non-wow account related ways that are easily accessible. People are basically posting 50% of their login credential for anyone on the internet to take. This really could go on to things such as people reusing the same password all over and things of that nature, but that would be a novel.
5) The lack of understanding many people keep repeating about how they could be compromised and how they think they are safe just further illustrates how misinformed and vulnerable they really are and that there is far more that keyloggers out there. It has been a really long time, but I bet if I had the email address IDs of a few dozen accounts I could into a few accounts just from tooling around the email providers website.
6) The conspiracies that make no sense to justify a company purposefully doing this.
I think it is incredibly stupid for blizzard to make the change to an email address for a login id. What on earth was their reasoning for it I don't know, but that doesn't excuse people from choosing an email address for a login ID that is registered and posted all over the internet. That is like inviting a hacker to try to break into your account.
If someone came here complaining they got hacked after they posted their login name somewhere, would anyone blame blizzard or ncsoft for leaking their information? I doubt it and I'm pretty certain that person would get a ripped a new asshole for being dumb.
P.S. Hacking/reactivating accounts when they become inactive isn't new. Even someone above talked about the blizzard csr admitting that is a favorite tactic of hackers now.
y do you keep saying its 50 cents?
Ok, we both agree that anything is possible I don't think I was accusing you of making that statement. If that is how it sounded, sorry.
Apology accepted.
In essence there are 2 ways to get account information.
1) From the account database stored at the company
2) From the user
There really isn't some other place to get it.
Yes there is, potentially anyway.
Let's say that hackers figured out a way to "intercept" your user-id and password combination thru the internet when you log into the game. It's encrypted, but encryption can be broken. I'm not talking about breaking into Blizzard's database and I'm not talking about installing any kind of software on a user's PC. I'm talking about some kind of packet sniffer or something to actually steal the information as it makes its way through the internet. The internet is nothing but a bunch of servers passing the information from 1 place to another. In theory that information could be intercepted and decoded. The encryption is really strong, but people are coming up with ways to break different forms of encryption all the time.
If that were to happen, is that Blizzard's problem? Not really. I don't believe they actually "own" the encryption technique they employ, I could be wrong about that, but I think they use the standard one.
Is that the users problem? Not really. They don't know that it's not a secure connection to Blizzard's servers.
So who is at fault in that scenario? We all assume that it's a secure connection when we are logging into WoW, but is it? How secure is it? And if it's not is it Blizzard's fault or do they just use the common encryption method that all businesses use for private information? And it doesn't necessarily have to be when the user logs into the game. We all have to put in our account information when we want to change something on our account. Perhaps it happens then and not when we are logging into the game. I don't know the particulars of how that security differs from when logging into the game or if it does at all.
Is that far fetched? Yes. Do I think that is what has happened? No. I don't know what has happened. Maybe there's something going on that I don't have any clue about, I'm not a hacker afterall. I just think it's unwise to underestimate the hackers.
Look at it this way. The hackers can compromise 10,000 individuals thru the various forms that we know about today to get access to 10,000 accounts. Or they could compromise 1 database that holds 10,000 accounts of information and get access to 10,000 accounts. Sure it's easier to compromise 1 individual than it is compromise that database, but is it necessarily a lot easier to compromise 10,000 individuals than it is to compromise that 1 database? It probably still is, but....maybe not quite as much easier as we all imagine it to be.
Just like the Titanic, nothing is fool proof.
The only person here trolling is you.
I posted in this thread to share my related account theft. I know how careful I am when it comes to the security of my PC, I take all the actions I possibly can. I have never bought any kind of currency for any game, I personally think it's rather sad to exchange real money for fake money, and I do believe that there could be people here that have done so, but whatever people do with their own money isn't my concern.
There's only 2 ways that -realistically- someone got my account details:
1) I somehow, from some website (despite having Firefox, Noscript and ABP), got my PC infected with a keylogger/trojan at some point in time when my account was active a few months ago.
2) Blizzard/Battle.net's security has been compromised. As far fetched as that may sound, it's the one I'm obviously hoping for. I remember when CCP got hacked, they had to make everyone change their passwords - they acted quickly, and if Blizzard is in the same boat then they've already reacted too slowly.
-iCeh
Not really. The damn hackers have been pulling that stunt lately. Once they gain access to the account, they just add an authenticator. That keeps other hackers(and the original owner) from changing anything.
One thing to keep in mind, I came back to WoW recently and googled up a bunch of things just to re-learn the game. I noticed a lot of the sites that offer "guides" or useful information are in fact sites that attempt to install a keylogger onto your computer. I've tried to download a mod before, forgot which one, and it came by way of an exe file. So the amount of malicious sites out there for WoW is enormous, and they are often sites you see on the first page of google when you search for something game related.
So when searching for leveling guides, gold farming tips, class info, pvp talents, etc.. be careful which site you browse through. When downloading a mod that seemed cool, or even recommended by some forum user, don't just install it blindly.
When you come upon a site that wants you to login just so you could chat with a pro, or create an account just so they could send you a super secret WoW guidez, you are most likely on a phishing site and being tricked.
WoW is a popular game, and popular games/softwares always get the attention of hackers the most. You won't believe how desperate and creative they get in their attempts to get your account information.
EQ1-AC1-DAOC-FFXI-L2-EQ2-WoW-DDO-GW-LoTR-VG-WAR-GW2-ESO
Btw, if this person has bought an autheticator thingy, then doesn't that mean Blizzard has his address? I don't know how they work as they came out just at roughly the same time as I quit (signed up with battle.net for the pet), but a mate told me that you have to purchase it from the store.
-iCeh
It can be sent to PO boxes, or store fronts. Various dodges can be used. Given the amount of money that is involved in gold and account sales, people get really creative and sneaky. Not to mention that its rumored that some of the organized crime groups are involved now.
Authenticators can also be purchased for mobile devices as electronic downloads.
They are free for certain devices like itouch, etc.
I suppose they could get a new authenticator for each account if they wished.
Oh look WoW has a new bulletin on their front page about how to better secure your account. LOL!
They even list the possible ways that your account may have been stolen under the "Types of Account Theft" section. But they leave out some key types of account theft, what about this case:
"One of our database developers who has access to your login credentials decided to sell your information to a third party so he can purchase a new widescreen HD television."
Possible, but given the limited number of people with such access, and the logs that are kept, its not too likely.
Seems very unlikely, considering that a HDTV isn't worth a full-time job and a criminal record.
-iCeh
Seems very unlikely, considering that a HDTV isn't worth a full-time job and a criminal record.
Well yes I realize that, it's a joke, I'm pretty sure this isn't the actual scenario that played out, I think it was a Blu-Ray player, not an HDTV...
I just want people to realize that there are other ways your account can be compromised. It is not ALWAYS your fault if your account is stolen, but Blizzard will force this shit down your throat, you will all bite the hook and be convinced that if you follow stricter account security practices in the future that this will not happen again!!
I'm sure Blizzard had a big executive meeting about this and they discussed whether it was smarter for them financially to admit they had a security breach, or to just post a bunch of bullshit about how to keep your computers more secure in the future and deal with the increase in customer support calls.
They obviously are choosing to just ignore the problem entirely and deal with all the customer support calls they are going to get.
Seems very unlikely, considering that a HDTV isn't worth a full-time job and a criminal record.
Well yes I realize that, it's a joke, I'm pretty sure this isn't the actual scenario that played out, I think it was a Blu-Ray player, not an HDTV...
I just want people to realize that there are other ways your account can be compromised. It is not ALWAYS your fault if your account is stolen, but Blizzard will force this shit down your throat, you will all bite the hook and be convinced that if you follow stricter account security practices in the future that this will not happen again!!
I'm sure Blizzard had a big executive meeting about this and they discussed whether it was smarter for them financially to admit they had a security breach, or to just post a bunch of bullshit about how to keep your computers more secure in the future and deal with the increase in customer support calls.
They obviously are choosing to just ignore the problem entirely and deal with all the customer support calls they are going to get.
Obviously you have proof to back up your claims and this ins't just a nerd rage fueled post from someone who had their account hacked and lacks any way to detail how it happened right?
Lucky for blizzard you are keeping the details of what exactly happened a secret.
Seems very unlikely, considering that a HDTV isn't worth a full-time job and a criminal record.
Well yes I realize that, it's a joke, I'm pretty sure this isn't the actual scenario that played out, I think it was a Blu-Ray player, not an HDTV...
I just want people to realize that there are other ways your account can be compromised. It is not ALWAYS your fault if your account is stolen, but Blizzard will force this shit down your throat, you will all bite the hook and be convinced that if you follow stricter account security practices in the future that this will not happen again!!
I'm sure Blizzard had a big executive meeting about this and they discussed whether it was smarter for them financially to admit they had a security breach, or to just post a bunch of bullshit about how to keep your computers more secure in the future and deal with the increase in customer support calls.
They obviously are choosing to just ignore the problem entirely and deal with all the customer support calls they are going to get.
Obviously you have proof to back up your claims and this ins't just a nerd rage fueled post from someone who had their account hacked and lacks any way to detail how it happened right?
Lucky for blizzard you are keeping the details of what exactly happened a secret.
I'm not keeping anything secret, I think most people who have been following this thread are smart enough to come to their own conclusion, I just want to present my case as a legitimate player who has been completely screwed by this account compromise, and I don't buy the argument that I had a key logger and my credentials were stolen. I think there are a lot of other legitimate players out there who are in the same scenario as me so I'm sorry but I'm going to bitch about it.
You can believe what you want I don't care, but in my case I am completely convinced that this whole thing is complete and total BULLSHIT.