Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
What is up with Battle.net security?
Abrahmm
Member Posts: 2,448
So, I've been informed by friends that still play WoW that my WoW account is logged in and playing. This is the second time this has happened in 6 months. I don't play WoW any more and haven't for 2 years, I don't log in to my Battle.net account, I don't have malware on my computer, and I don't fall for the phishing emails. This literally just happens with no interaction on my part.
So what is going on over at Blizzard? Am I some isolated case or is this common? This never happened before the switch over to Battle.net. It's pretty annoying too, because I have to waste time getting the account back...
/endrant
Tried: LotR, CoH, AoC, WAR, Jumpgate Classic
Played: SWG, Guild Wars, WoW
Playing: Eve Online, Counter-strike
Loved: Star Wars Galaxies
Waiting for: Earthrise, Guild Wars 2, anything sandbox.
Comments
Ive had no problems what so ever and been playing since beta. Same with my fiance, she has never been hacked either. However we see countless people week after week getting hacked. I assume most of it is user end, even though msot people want to deny it. But while I think most are on user error, I do think employees at Blizzard are doing something fishy as well.
Im not sure how their employee structure is set up, So I'm jsut assuming they have employees who may be a little underhanded and want to make a little extrra cash. I'm sure Blizzard isn't wastign much money on wages for hourly associates. I mean how hard could it be If you have access to everyone in WoW's accounts. You know who is active and who isn't ... it seems alot of inactive accounts get taken over active accounts. Makes me wonder, and I'm not generally a conspiracy guy ...
I don't think the problem is on blizzard's side as after I changed my wow E-mail to a wow only one which I don't use anywhere else I've never recieved anymore spam so It's probably another big site that got hacked and has user information. Also you might just have spyware on your computer, trust me it happens to the best of us and you only find out when your either called by your credit card company or you get an E-mail from blizzard.
When you're a big company like that you are a big target. I've had my account hacked and people call me to ask if it was me playing that night, when I wasn't. I've also seen fully decked out level 80 in a guild at the auction house start spouting web links to gold spammers and hack sites. You know someone just got pwned when a guy is standing there level 80 full epics and starts spamming web links. Ouch!!
Don't be terrorized! You're more likely to die of a car accident, drowning, fire, or murder! More people die every year from prescription drugs than terrorism LOL!
VERY few people really get hacked.
A lot of people get phished/scammed/betrayed by friends or something else.
In most cases, it's on the users end. Most people will say "but I didn't do anything or haven't been logged in for years", but it's usually their own fault somehow.
It's like people who buy gold or use bots to level up and then all of a sudden get banned. They all say "I didn't do anything" aswell.
What I'm trying to say is that it's almost always on the users end.
I agree with this guy. Yes I am aware most accounts simply get phished, I think it is also very likely that some low level blizz employees sell off info. My wife works for a call center that takes calls for different clients. At least every couple of years a group of employees gets busted for vairous privacy infractions. This kind of stuff does happen elsewhere so I have to believe that it happens at blizz as well.
I've been a player since open beta myself. I watch porn, torrent movies, and everything else on my PC. Been using my PC for a good 15 years now. Never got a virus...until about 5 months ago. I was at work and got a text that a character of mine logged in and took some items out of the gbank, logged off, and apparently got transferred. I have no idea where I got the keylogger. Don't feel comfortable using SpyBot and AdAware on my work PC because I don't want it to interfere with the software I have on it, but cleared my PC at my house. That night I went out and got Win 7, wiped my PC, and started over. Then ordered my authenticator. Haven't had a problem since
Still now I have no idea where that keylogger came from. For all I know, its still on my work computer.
________________________
Two atoms walk out of a bar. The first exclaims, "Damn, I forgot my electrons." The other replies, "You sure?". The first explains, "Yea, I'm positive."
Do you have any evidence for anything you just claimed or did you make that all up? Simply spewing what you "believe" out into the internet ether doe not make it true. Please reference statistical data or or anything that can validate what you claimed.
Facebook.
Alias Warin
Huh. How so? Ads? Social engineering? Because come to think of it, there is a correlation between when I started my Facebook account and me losing my Warcraft account.
________________________
Two atoms walk out of a bar. The first exclaims, "Damn, I forgot my electrons." The other replies, "You sure?". The first explains, "Yea, I'm positive."
If there really were people out there able to hack for real, don't you think they'd go for people in top guilds or people with shitloads of gold?
Most of the times when someone gets "hacked", it's some guy who is somewhat new to the game and doesn't have anything of value on his account.
It's common knowledge.
The only thing you need to gain access to someones account is thier email that's associated with the account. With that email you can change someones password, and gain access to the account. Blizz doesn't require you to verify that you're changing the account password before it takes effect; you only do something if you didn't change the password. You don't even have to have access to the email itself.
If the email gets dumped into spam, or if you don't check your email often, it's quite easy to lose control of your account.
This happend to me several months ago. It wasn't a virus, it wasn't phishing, it was as simple as someone changed my password.
I recieved a notice from blizzard that my account had been suspended for spamming. When I went to log into the account the password had been changed. I went back and looked; sure enough there was an email from blizzard telling me that my password had changed. I then changed the account password again, and was shocked to find that I didn't have to verify that it was even me doing it. Changed the password, cancelled the account; which in itself was odd considering I didn't even activate it.
Never had this happen until after I linked my wow account to the battle.net account.
When i tried to call blizzard I got a message to call back because their call volume was to high and they didn't have enough people to handle it.
Blizzard has history of stuff like this happening, and it's not entirely the end user, people just refuse to believe that a lot of people lose control of thier WoW accounts through absolutely no fault of thier own.
There is a reason that they now have the authenticator, and ti's not just because of phishing and viruses.
To change the password of an account, you have to click an "okay" link, so what you're saying is false.
Hah. I hit dial, put the phone on speaker next to my face, and took a nap. Five hours later I got a person that actually spoke English and she sounded cute to boot. =D
As for the authenticators, I think all games that look to become the next big thing should include an authenticator in the box.
________________________
Two atoms walk out of a bar. The first exclaims, "Damn, I forgot my electrons." The other replies, "You sure?". The first explains, "Yea, I'm positive."
Me my gf and her brother have al playe wow 5 + yrs and never been hacked not once. I dont follow email links i dont respond to in game whispers other then to report them for spam. I dont buy gold. If u ever bought gold or paid a power leveling service u will probably get hacked.
Other ways to get hacked is if other people know your info and somehow have spyware on there account but u have let them use your account on there comp. Not a good thing etierh. Blizz has alot of diffrent ways to avoid being hacked on there website.
Yea most of the hacks are use error. There was a vulnerability in flash player and acrobat reader but they updated those so that isnt there anymroe but if u have the older version of these things that could of got u hacked also.
I now have an authenticator. As does my gf and her brother but its a recent thing. I played up until 2 months ago no authenticator. And never got hacked. There are just so many ways to get hacked . And most of them are our fault. I dont believe that garbage about low level blizz employees for one reason.
they are the ones who have to deal with wow players yelling at them for behing hacked. Get my account back. Stuff. What incentive and dont tell me money would they have to do that? Also most people who work at blizz are gamers themselves. I just dont see gamers messing with other gamers accounts like that.
No one wants to be hacked. Anyone who has been hacked would never do it to another person unless theya re pure evil.
If they have access to your email, they can click the link for said confirmation email.
So what they said is actually true.
And that's why Battle.net using an e-mail as username for login authentication is a dirt stupid thing to do. It used to be that even if you knew someone's username and requested a password change/reset, you still didn't necessarily know where the e-mail went. Now they know exactly where it goes because the e-mail the battle.net account is tied to, is the username of the account.
Not to mention, it's significantly easier to track down an e-mail account than it is a private username... even if it's an email used for a single purpose.
Derp.
IT security at it's worst, brought to you by Blizzard.
i realy dont see WHY you are getting so upset about your wow account man......if dont play it then what's the freaking problem that somone hacked your wow account???
silly
I usually get 3 emails a week from their official email stating my account has been hacked or some such nonsense. The links don't lead back to the official site, are you sure that's not what you're getting? I can't even block the damn things since they use the official email addresses and I don't want to not get them in case one happens to be real.
we all get those mails.....even friends of mine who never played wow.....haha
Protip: It's not Blizzard's official email. Hover your mouse over it and you'll see.
Just the fact they unwantedly accessed your account and used it would piss me off to no end. I have email addresses from years and years ago and I'd hate to see those being used to unwanted activities.
________________________
Two atoms walk out of a bar. The first exclaims, "Damn, I forgot my electrons." The other replies, "You sure?". The first explains, "Yea, I'm positive."
Let me try this again.
When I changed my account password, I wasn't required to click anything UNLESS IT WASN'T ME CHANGING THE PASSWORD.
After my password had been changed, I had to change it to gain access to my account. The email that Blizzard sent me was your A-typical, if you didn't change your password then follow this link, otherwise do nothing.
Since they require your account to be tied to you email, then people are able to obtain your email quite easily. Some sites sell email address as a form of revenue, I wouldn't be suprised if curse does so.
Now, If they changed something then cool, but when this happend to me I wasn't required to verify my password change. I wasn't even required to follow a link to start the password change process as most every other game does. IE: you request a password change, they send you an email, you follow the link and then change your password.
Again,
When I changed my password, I wasn't required to do anything outside of provide the email address.
The email in the header is most definitely the official email. All of the links in the email itself are obviously fraudulent when you hover.
Ok I see what you saying. Well explain what happened to cases when people really did get hacked
Philosophy of MMO Game Design
A lot of "hacks" are people who reuse passwords between website, official and non. Non official sites can harbour a LOT of information about you and will not have the defence to withstand a probe. Simply put, have a password you use for forums and non official sites, and a password you use for games. Ideally every single one of your passwords should be something along the lines of "@s;2^Zi6G'" but you have to be a savant to remember as many as you need, and any service that offers to remember your password is defeating it's purpose
This.
If you use the same email address with the same password on sites that are not secure, then odds are the less secure site will be hacked.
If someone has a list of emails and passwords from a WoW fan site, then odds are a good number of those users will have the same email and password for their WoW login.
Simply put, make sure your WoW password is unique to the game and don't use the same password on other sites.