I still don't understand how so many people are being hacked. Use a secure password unique to WoW. Use an email address unique to WoW. Only login to Blizzard websites using a bookmark. Don't play on other people's computers. Use a minority web browser (and install noscript or the like) and email client. Apply updates immediately.
I'm also tempted to say get a Mac or run WoW in Linux using WINE or Crossover. But that would just invite trolling... ;-) Still, I run WinXP too and it's not _that_ hard to secure.
Just how are people constantly getting hacked? How is this still happening? I'm baffled.
You know what? I do that stuff. I'm not an internet idiot. I'm a Network Management student. I still got hacked somehow. Gold selling makes big bucks. Stealing accounts is a highly effective way of getting gold fast to sell. They've got some clever people working for them...
1) Make a txt file with a list of about 100+ passwords JGHJ123kjh98 type of mess.
2) Copy paste your password into the login. Ctrl C (copy), CtrlV (paste).
Works for me. Simple and done in a flash. Works for most games out there.
This is a common fallacy, with this method the password is stored in the clip board and still easily retrieved.
Yeah, just read that. I guess I'm just a luck SOB then. I guess it helps that I scan my system often, keep it upto date, and stay off the questionable sites more than my method of password usage.
Blizzard has done a lot to improve customer service, and your own experience in how fast you got your account back and the stories of others that are similar is evidence of how far it has come. Blizzard has issued the Authenticator for a price that is incredibly low in the security field - unless you live somewhere in the world where you can't get one, I don't have much sympathy for you if your account gets hacked (empathy, yes, sympathy, no). Don't want to spend 45 minutes on the phone trying to get your account back? Get an Authenticator and attach it to your account(s).
If 45 minutes is average, I agree in this day and age that's too long, but on the other hand I've spent a lot longer than that on the phone waiting for service from other companies and I personally wouldn't have thought much about it. I like being able to connect with service people through an online chat method - especially since I have a second computer beside me most of the time - but just leaving the phone on speaker while I do whatever works well for me.
Have played: Everquest, Asheron's Call, Horizons, Everquest2, World of Warcraft, Lord of the Rings Online, Warhammer, Age of Conan, Darkfall
Well, due to the extremely high rate of being "hacked" for Blizzard's battle.net, they've become experts at undoing the damage done by the malificent individuals involved. I wouldn't be surprised if they actually have a chapter in their employee handbook that details exactly how to view what an account had in total on X time on Y day, with all the characters listed.
All a "hacker" has to do to get into your account is buy a list of emails from a gaming site or blizzard themselves, and then either send phishing emails or simply bruteforce their way in.
My experience is a little different than yours. I used just e-mail... and overall, after getting my account and all my items restored it took about two weeks. Because I was not subbed during that time period, I feel I was treated very rudely about it, like because I was not a current paying customer that my account security was not their problem. Then, since the hacker still had some time left on the account, I signed in and fixed everything, re-equipping gear, cleaning out the bank, vendoring junk items I forgot what they did, etc. Well, this raised a red flag, they shut down my account once more, and now won't let me back in until I pay them the $15 for that 10 minutes.
I purchased an authenticator because they told me that if it happened again, they would turn turn their heads and ignore it.
Sorry Blizz.... you lost a solid customer and now I will tell whoever wants to hear it my awful experience.
I don't understand why people don't just spend the 6 bucks and get an authenticator, or get it for free if you have iphone/droid. Yea, it's still possible to get hacked with one but the odds are extremely low. As others have mentioned, the only way this happens if they are keylogging you at that moment in time and then log in almost immedietely. Even then, the keylogger has to hope that the authenticator key was keyed in when it was first generated (I think the number changes 30-45 seconds). I didn't know it knocked you out if someone else tries to log in while you are already logged in though.
Also if someone is wondering if there is a way to get the authenticator removed from a hacker, it's pretty much like pulling teeth. You have to call Blizzard CS and actually provide the original serial number of the disks.
My experience is a little different than yours. I used just e-mail... and overall, after getting my account and all my items restored it took about two weeks. Because I was not subbed during that time period, I feel I was treated very rudely about it, like because I was not a current paying customer that my account security was not their problem. Then, since the hacker still had some time left on the account, I signed in and fixed everything, re-equipping gear, cleaning out the bank, vendoring junk items I forgot what they did, etc. Well, this raised a red flag, they shut down my account once more, and now won't let me back in until I pay them the $15 for that 10 minutes.
I purchased an authenticator because they told me that if it happened again, they would turn turn their heads and ignore it.
Sorry Blizz.... you lost a solid customer and now I will tell whoever wants to hear it my awful experience.
I would be interested in hearing Blizzard's side of this tale. Although I've had my differences with Blizzard (I think Wrath was pretty bad), their customer service has always been first rate when my friends and myself have had to deal with them (once you get beyond the phone wait time).
My friend's account was hacked during the 2008 Flash exploits, and his treatment was first rate despite the massive numbers Blizzard was dealing with at the time (it was the first time I saw warnings of hacking show up on the WoW splash screen)...and when my wife's authenticator failed when we recently resubbed, they were very friendly as well and even called back at an appointed time at one point.
I'm guessing to get such a stern message from Blizzard, there is a bit more to the story than has been presented.
Allyou need to keep from getting hacked is a lot of what has been mentioned. Have an e-mail that is ONLY for your battlenet account,never use the battlenet e-mail for anything but battlenet, get an authenticator, never give passwords, don't visit sites that look even slightly weird, don't buy gold and when using addons only get them from a reputible place such as Curse. Been playing for 3 years and have not had a problem. Also never answer to emails or click on links in them. Go straight to the battlenet site for any logins. And NEVER go to any sites that your are directed to while in game by a tell, they are allways phishers. Anytime it is blizz sending a tell they will not tell you to log in to anything and their names will ALWAYS be in blue.
It is amazing how I've had a WoW account for years, 5 years of 4+ EQ1 accounts, 2 Eve accounts for 6 years, LOTRO for as long as it's been around, WW2 Online since 2001, etc.... never been hacked.
Of course, I don't download addons and I don't tell people my account name or password ever (not even roommates). Now, I am getting fake blizzard spam mail for the first time for the past couple of months, but they're all obviously bogus, and it makes me sad people fall for them. I get a lot of facebook spam too, but since I'm not on facebook, that makes them pretty easy to spot as fake lol.
Keyloggers can be embedded in anything.. JAVA, FLASH, and a host of other multimedia plug-ins can be used to extract information from your PC. Just be glad you have not been targetted yet, because once you've been violated, it will make you kinda paranoid about everything on your pc..
My work PC is guarded to the max due to where I work and what I do. My home PC just recently got MSE as a virus scanner. My first virus scanner in 20 years of PC using (beyond a couple free trials for norton/mcafee that were soon removed because they caused more problems than they solved). No viruses. No trojans. The worst was some adware back in the day before the big advertisers paid attention to the ads they were hosting.
Aside from not sharing files/downloading crap, surfing in the "bad" areas of the internet, I just follow one simple rule: never click on anything that I didn't expect to see. All those stupid pop up "your computer is infected! please click ok and go to our site to download Virus Stomper 2011 now!" scams just make me laugh (and annoy me since I blast them with task manager instead of clicking the "close" button which isn't a close button).
Flash is my biggest worry. Too much uses it, and Adobe apparently can't code their way out of a wet paper bag.
I *DO* have to fix a lot of other people's PC's who have gotten viruses/trojans/malware. But they all have one thing in common: People who click things they shouldn't. They deny it of course. Much like the people here who think it's blizzard who was hacked, not them (even after a new pc!!!! heh... same habits, same problems, new PC won't solve PEBCAK.)
The only thing that seems strange here, is that the majority of the hacks do not occur until after the account is deactive and no longer in use. Which means the hacker has to hack the system (username and PW, not blizzard), reactivate the account then put an authenticator on it all to get the stuff off it.
Seems a fair bit of cost (the monthly fee+ authenticator) to hack an old account. Just seems weird to me this didn't start until after the battle.net situation.
^
This.
This is one of the biggest things that makes me think there is a security issue on Blizzards end. In many cases I have read about it is week(s) after the account goes inactive. I personally know people that have not played WoW for years, never used add-ons, different PW and UN for all sites visited, been around long enough to know not to fall for the phishing emails, and have trash email accounts for each game they play, that have mysteriously had their accounts compromised. Whether it is a compromised data base or an unscrupulous employee we'll never know but having been an online gamer for 15+ years, there are too many coincidences for me to think this is all the fault of the end users.
The other issue is Blizzards switch over to the battle.net login which is less secure than the previous method of logging into the game. LOTRO just switched their forums over to same login as your game login and not surprisingly, compromised acccounts have become more common. It absolutely baffles me why companies switch over to less secure methods like this in this day and age.
I'm not usually one of those conspiracy, tin foil hat types but like I said, there are just too many coincidences for the fault to all lay at the feet of the end users.
Einherjar_LC says: WTB the true successor to UO or Asheron's Call pst!
The only thing that seems strange here, is that the majority of the hacks do not occur until after the account is deactive and no longer in use. Which means the hacker has to hack the system (username and PW, not blizzard), reactivate the account then put an authenticator on it all to get the stuff off it.
Seems a fair bit of cost (the monthly fee+ authenticator) to hack an old account. Just seems weird to me this didn't start until after the battle.net situation.
^
This.
This is one of the biggest things that makes me think there is a security issue on Blizzards end. In many cases I have read about it is week(s) after the account goes inactive. I personally know people that have not played WoW for years, never used add-ons, different PW and UN for all sites visited, been around long enough to know not to fall for the phishing emails, and have trash email accounts for each game they play, that have mysteriously had their accounts compromised. Whether it is a compromised data base or an unscrupulous employee we'll never know but having been an online gamer for 15+ years, there are too many coincidences for me to think this is all the fault of the end users.
The other issue is Blizzards switch over to the battle.net login which is less secure than the previous method of logging into the game. LOTRO just switched their forums over to same login as your game login and not surprisingly, compromised acccounts have become more common. It absolutely baffles me why companies switch over to less secure methods like this in this day and age.
I'm not usually one of those conspiracy, tin foil hat types but like I said, there are just too many coincidences for the fault to all lay at the feet of the end users.
Or the hacker could hack the account and monitor the e-mail address assocuated with the account and once the account goes inactive, then hack it. They would have more time to play the account before its reported. A friend's account got hacked and his characters kept appearing in game and doing stuff.
He just got his account back and had achievements and gear that the hacker got for him. Kinda funny.
I might agree with this, but in some instances accounts have been inactive for years....are you suggesting the "hackers" are monitoring accounts for years as well before they take them over? Not a likely scenario IMO, and does more to prove my point of data base corruption or unscrupulous employee during the battle.net conversion.
I don't know why this theory is so hard for people to accept. It's happened before with large banks having their data bases compromised, or unscrupulous employees taking records from work they're not supposed to and losing them. It happens, it happens a lot, but for some reason people think Blizzard is infallible.
Einherjar_LC says: WTB the true successor to UO or Asheron's Call pst!
I've never been hacked, though I definantly deserved it more then a lot of people. It makes me think getting hacked is more luck based then anything. I was one of those people that: used my yahoo email for everything...lol, Visited porn sites and all kinds of wow related sites, used a similar password for everything, didn't have an antivirus for a year, used internet explorer, basically did everything you could do wrong except actually hand my information to anyone, or buy gold (I think these people have the highest chance of getting hacked).
Tips to lower hack chance (things I do now):
1. Never run the internet on the Administrative Account.
2. Use seperate wow email.
3. Make sure all passwords: wows, emails, computer internet account, administrator account, are all different and hard to figure out. Change wow password periodically (once a year seems good enough to me). Also change it if you hear about a recent surge of hacks, (ex: flash vulnerability that happened a while ago).
4. Don't touch emails claiming to be blizzard.
5. Have an Antivirus
6. Use Firefox with addblock and noscript.
7. Get an Authenticator.
8. Get the dial up thing.
9. Download addons from well known sites. For curse download manually, the client can be vulnerable sometimes.
I can't stress changing your password enough, usually hackers keep your information for a while before hacking the account.
Oh I agree it can happen and might have. Heck, we just had a story here in Atlanta where a business dumped hundreds of medical records in a dumpster behind their office! So eay I think it can happen but I do not think its a widespread problem or still ongoing (more like a one time event).
To be honest though, I think a lot of the hacking has to do with non-Blizzard sites that people frequent. Honestly, I would trust Blizzard over addon download sites.
As I have stated before, until i registered at one particular addon website, I did not get a hack e-mail. Now I get several a day. And that is the ONLY thing I use that e-mail for that is WOW related. And I do not download addons from that website anymore either.
Sure it could be Blizzard but I think its another company or companies that got or get hacked regularly and won't confess.
Agreed.
I think as you have stated it's a combination of everything. End users to an extent, non-Blizzard 3rd party sites, and I think there may have been a compromise at Blizzards end as well. Of course no one will admit to anything, especially Blizzard because that would set them up for serious litigation.
It's easier and cheaper for them to deal with it in the mannor they are rather than face any kind of punitive damage settlement which knowing how things are in the US, would happen.
Blizzard hopefully has learned a lesson as Turbine did with allowing 3rd party add-ons to their games. AC1 allowed 3rd party apps and there were constant cases of people having their accounts compromised. It just allows too much room for error at the end users end and causes a lot of issues for the game over all IMO. As with Turbine, their next big game, LOTRO allows no 3rd party apps at all. It's only one facet of the issue, but an easy enough one to stop that would cut down significantly on the amount of compromised accounts IMO.
Regardless of how it happened, I do feel badly for those that have been compromised. It can't be a good feeling and I have been fortunate enough never to have had it happen.
Einherjar_LC says: WTB the true successor to UO or Asheron's Call pst!
I've played a number of mmos. From every SOE game to come out to LOTRO to EVE to some fp2 games and wow. I had my account hacked in wow and wow only. I have had an account on station.com for over 6 years. No problems. Wow That's another story. I'm a software engineer. I've been developing ecommerce systems and web security systems for 15 years. None of the sites I have designed have ever been hacked. After My account was hacked in wow. I went over all my computers with every anti hacker tool I could find. followed every tip from security forums to try to find out what happened. I found nothing. Not one keylogger not one malware, nothing. I did not have an authenticator at the time. I do now. Fortunately My account was auto banned by blizzard with in a few hours of the breach and they only managed to create a new character on a new server to use as a spam agent. I had my account restored during my phone call and ordered an authenticator. Ever since then It’s been fine. BUT again I have never had a breach of any kind on any game until WoW. To this day. Something really is fundamentally wrong with blizzards system. Maybe I can design them a secure system that will actually work.
The two most common elements in the universe are Hydrogen and stupidity. - Harlan Ellison
I've played a number of mmos. From every SOE game to come out to LOTRO to EVE to some fp2 games and wow. I had my account hacked in wow and wow only. I have had an account on station.com for over 6 years. No problems. Wow That's another story. I'm a software engineer. I've been developing ecommerce systems and web security systems for 15 years. None of the sites I have designed have ever been hacked. After My account was hacked in wow. I went over all my computers with every anti hacker tool I could find. followed every tip from security forums to try to find out what happened. I found nothing. Not one keylogger not one malware, nothing. I did not have an authenticator at the time. I do now. Fortunately My account was auto banned by blizzard with in a few hours of the breach and they only managed to create a new character on a new server to use as a spam agent. I had my account restored during my phone call and ordered an authenticator. Ever since then It’s been fine. BUT again I have never had a breach of any kind on any game until WoW. To this day. Something really is fundamentally wrong with blizzards system. Maybe I can design them a secure system that will actually work.
This is another reason I think it is something at Blizzards end. Too many stories like this. People that have been gaming for years without any issues suddenly have their WoW account, and only their WoW account compromised.
Again, like I said there are too many coincidences for this to lay at the feet of the end users alone.
Einherjar_LC says: WTB the true successor to UO or Asheron's Call pst!
Getting hacked at this point doesn't even affect you anymore other than inhibiting you from playing for like a day on the character whos gear got sold or deleted. It takes like 10 minutes on the phone with a blizzard support person to get your account back, and transferred to a different email assuming you know your secret question and secret answer or have the key from the original wow still handy. GM's have gotten faster with getting your gear back too, taking less than a day usually now.
The main issue one has to deal with in such a situation is the fact that you got hacked in the first place. When such a thing becomes commonplace enough that people shrug it off and call it just another part of the game...? That's when you know there is a problem.
No matter the game, and no matter the company behind it, there should be steps taken to prevent this. First and foremost, you have to wonder; how are they getting the ability to hack your account in the first place? If it is so easy, why hasn't it been even easier to circumvent and negate the process entirely? A corporation has a responsibility to it's players, and it's consumers to ensure a secure and enjoyable experience.
In some cases however, we find that the so-called corporations providing these services would much rather not bother with such things at all, stating it is the user's problem and therefore they should take the requisite steps to halt it from happening. But as to the means, the how, or why, they never say. If this is to be resolved, it should be the corporation who provides the service that is to take the steps required to negate this. An individual can only do so much without being properly informed of the actual ways to stop these so called "Hackers" from getting what they want.
I have played many games before, and many of them primarily that in which would become victim to hacking attempts, if not gold farmers or the like. Each time, I have found the companies send out warning letters, with the requisite "<Insert game here> Representatives will never ask for your personal information/password or username."
But is it really enough? Can the corporations not provide some sort of program in which would allow the player to play the game in relative safety from such things? I suppose we'll never know.
Oh my god, my account of the most popular p2p mmo in the history of the world was hacked, how odd. Seriously why would anyone hack for example EQ2. No one gives a shit about EQ2. There are so many hacked WoW accounts simply becouse there are so many people playing it. Also, oh my god my WoW account which I have not used for months was hacked HOW could this be!!!!! Oh I dont know becouse if someone hacked an account that was active and being used it would lead to the hacking being discoverd in mere hours instead of months.
Getting hacked at this point doesn't even affect you anymore other than inhibiting you from playing for like a day on the character whos gear got sold or deleted. It takes like 10 minutes on the phone with a blizzard support person to get your account back, and transferred to a different email assuming you know your secret question and secret answer or have the key from the original wow still handy. GM's have gotten faster with getting your gear back too, taking less than a day usually now.
The main issue one has to deal with in such a situation is the fact that you got hacked in the first place. When such a thing becomes commonplace enough that people shrug it off and call it just another part of the game...? That's when you know there is a problem.
No matter the game, and no matter the company behind it, there should be steps taken to prevent this. First and foremost, you have to wonder; how are they getting the ability to hack your account in the first place? If it is so easy, why hasn't it been even easier to circumvent and negate the process entirely? A corporation has a responsibility to it's players, and it's consumers to ensure a secure and enjoyable experience.
In some cases however, we find that the so-called corporations providing these services would much rather not bother with such things at all, stating it is the user's problem and therefore they should take the requisite steps to halt it from happening. But as to the means, the how, or why, they never say. If this is to be resolved, it should be the corporation who provides the service that is to take the steps required to negate this. An individual can only do so much without being properly informed of the actual ways to stop these so called "Hackers" from getting what they want.
I have played many games before, and many of them primarily that in which would become victim to hacking attempts, if not gold farmers or the like. Each time, I have found the companies send out warning letters, with the requisite " Representatives will never ask for your personal information/password or username."
But is it really enough? Can the corporations not provide some sort of program in which would allow the player to play the game in relative safety from such things? I suppose we'll never know.
What people totally fail to realise is that you dont need to enter a WoW phising site or click a WoW phishing link to get hacked in WoW.
Totally had my account hacked and recieved emails about something of the sort. never responded but when i start back up my warrior batter be back to up and running state.
~i'd rather be forgotten than remembered for giving in~
Oh my god, my account of the most popular p2p mmo in the history of the world was hacked, how odd. Seriously why would anyone hack for example EQ2. No one gives a shit about EQ2. There are so many hacked WoW accounts simply becouse there are so many people playing it. Also, oh my god my WoW account which I have not used for months was hacked HOW could this be!!!!! Oh I dont know becouse if someone hacked an account that was active and being used it would lead to the hacking being discoverd in mere hours instead of months.
Yeah, because data bases never get compromised or there is never a case of unscrupulous employees where significant money might be involved... *rolls eyes*
Naivety is the scammers best weapon.
Einherjar_LC says: WTB the true successor to UO or Asheron's Call pst!
You should know better as a writer for this website then to post this crap. I stopped reading at :I got my account hacked".
No one hacked blizzards servers, You were stupid and got keylogged is far more likely. Probably on a site advertising WoW gold. Or maybe you clicked a link on the forums. There are 101 ways dumb people get duped.
But to have any credibility as a game reviewer and say on your own site you got hacked. Come on man really?
Normally i'd brush this off as people being naive or not paying attention. What makes me go Hmm is just after the switch to battle.net this happens. Which everyone knew was going to cause security issues. But then just shortly after Blizz comes along and gives you a patch to correct the problem (the authenticator, which you never needed before the change) so long as you pay for it.
I don't care if it's 20 6 or even 1 dollar. That type of security is on their end. They did something on their end that weaken the security (by changing unique names to emails) then it's on their end to bring the security back up to where its suppose to be. Thats my only issue with the circumstance.
Help me Bioware, you're my only hope.
Is ToR going to be good? Dude it's Bioware making a freaking star wars game, all signs point to awesome. -G4tv MMo report.
I am not ignorant of this fact. However, I do not see any reason why steps have not been taken aside from the simple "Do not open email by suspicious people, and do not go on sites aside from ones authenticated by blizzard" Kind of runabout.
This sort of thing only seems to perpetuate the ignorance of the players, and make it easier for hackers to get the information that is so desired. There needs to be better preventative measrues taken. And while I am ignorant of -how- specifically they hack the information, I must admit, I have a theory.
A virus which would enter your system, and search for critical files integral to the world of warcraft game. Or, keyloggers. For the first, I would honestly create a folder with a"False" database, and should they attempt to read the files and send the pertinent information back, it would trigger some sort of reciprocating virus in which could trace the ip it was being sent to, and infect said computer, and network.
Comments
You know what? I do that stuff. I'm not an internet idiot. I'm a Network Management student. I still got hacked somehow. Gold selling makes big bucks. Stealing accounts is a highly effective way of getting gold fast to sell. They've got some clever people working for them...
Yeah, just read that. I guess I'm just a luck SOB then. I guess it helps that I scan my system often, keep it upto date, and stay off the questionable sites more than my method of password usage.
Blizzard has done a lot to improve customer service, and your own experience in how fast you got your account back and the stories of others that are similar is evidence of how far it has come. Blizzard has issued the Authenticator for a price that is incredibly low in the security field - unless you live somewhere in the world where you can't get one, I don't have much sympathy for you if your account gets hacked (empathy, yes, sympathy, no). Don't want to spend 45 minutes on the phone trying to get your account back? Get an Authenticator and attach it to your account(s).
If 45 minutes is average, I agree in this day and age that's too long, but on the other hand I've spent a lot longer than that on the phone waiting for service from other companies and I personally wouldn't have thought much about it. I like being able to connect with service people through an online chat method - especially since I have a second computer beside me most of the time - but just leaving the phone on speaker while I do whatever works well for me.
Have played: Everquest, Asheron's Call, Horizons, Everquest2, World of Warcraft, Lord of the Rings Online, Warhammer, Age of Conan, Darkfall
Well, due to the extremely high rate of being "hacked" for Blizzard's battle.net, they've become experts at undoing the damage done by the malificent individuals involved. I wouldn't be surprised if they actually have a chapter in their employee handbook that details exactly how to view what an account had in total on X time on Y day, with all the characters listed.
All a "hacker" has to do to get into your account is buy a list of emails from a gaming site or blizzard themselves, and then either send phishing emails or simply bruteforce their way in.
My experience is a little different than yours. I used just e-mail... and overall, after getting my account and all my items restored it took about two weeks. Because I was not subbed during that time period, I feel I was treated very rudely about it, like because I was not a current paying customer that my account security was not their problem. Then, since the hacker still had some time left on the account, I signed in and fixed everything, re-equipping gear, cleaning out the bank, vendoring junk items I forgot what they did, etc. Well, this raised a red flag, they shut down my account once more, and now won't let me back in until I pay them the $15 for that 10 minutes.
I purchased an authenticator because they told me that if it happened again, they would turn turn their heads and ignore it.
Sorry Blizz.... you lost a solid customer and now I will tell whoever wants to hear it my awful experience.
I don't understand why people don't just spend the 6 bucks and get an authenticator, or get it for free if you have iphone/droid. Yea, it's still possible to get hacked with one but the odds are extremely low. As others have mentioned, the only way this happens if they are keylogging you at that moment in time and then log in almost immedietely. Even then, the keylogger has to hope that the authenticator key was keyed in when it was first generated (I think the number changes 30-45 seconds). I didn't know it knocked you out if someone else tries to log in while you are already logged in though.
Also if someone is wondering if there is a way to get the authenticator removed from a hacker, it's pretty much like pulling teeth. You have to call Blizzard CS and actually provide the original serial number of the disks.
I would be interested in hearing Blizzard's side of this tale. Although I've had my differences with Blizzard (I think Wrath was pretty bad), their customer service has always been first rate when my friends and myself have had to deal with them (once you get beyond the phone wait time).
My friend's account was hacked during the 2008 Flash exploits, and his treatment was first rate despite the massive numbers Blizzard was dealing with at the time (it was the first time I saw warnings of hacking show up on the WoW splash screen)...and when my wife's authenticator failed when we recently resubbed, they were very friendly as well and even called back at an appointed time at one point.
I'm guessing to get such a stern message from Blizzard, there is a bit more to the story than has been presented.
I played off and on for 6 years before I got hacked. Don't get too cocky just because it hasn't happened *YET*.
Allyou need to keep from getting hacked is a lot of what has been mentioned. Have an e-mail that is ONLY for your battlenet account,never use the battlenet e-mail for anything but battlenet, get an authenticator, never give passwords, don't visit sites that look even slightly weird, don't buy gold and when using addons only get them from a reputible place such as Curse. Been playing for 3 years and have not had a problem. Also never answer to emails or click on links in them. Go straight to the battlenet site for any logins. And NEVER go to any sites that your are directed to while in game by a tell, they are allways phishers. Anytime it is blizz sending a tell they will not tell you to log in to anything and their names will ALWAYS be in blue.
VFWRedMan
My work PC is guarded to the max due to where I work and what I do. My home PC just recently got MSE as a virus scanner. My first virus scanner in 20 years of PC using (beyond a couple free trials for norton/mcafee that were soon removed because they caused more problems than they solved). No viruses. No trojans. The worst was some adware back in the day before the big advertisers paid attention to the ads they were hosting.
Aside from not sharing files/downloading crap, surfing in the "bad" areas of the internet, I just follow one simple rule: never click on anything that I didn't expect to see. All those stupid pop up "your computer is infected! please click ok and go to our site to download Virus Stomper 2011 now!" scams just make me laugh (and annoy me since I blast them with task manager instead of clicking the "close" button which isn't a close button).
Flash is my biggest worry. Too much uses it, and Adobe apparently can't code their way out of a wet paper bag.
I *DO* have to fix a lot of other people's PC's who have gotten viruses/trojans/malware. But they all have one thing in common: People who click things they shouldn't. They deny it of course. Much like the people here who think it's blizzard who was hacked, not them (even after a new pc!!!! heh... same habits, same problems, new PC won't solve PEBCAK.)
Get an authenticator or use the smartphone version.
Get a Mac.
Use Firefox with noscript and adblock.
^
This.
This is one of the biggest things that makes me think there is a security issue on Blizzards end. In many cases I have read about it is week(s) after the account goes inactive. I personally know people that have not played WoW for years, never used add-ons, different PW and UN for all sites visited, been around long enough to know not to fall for the phishing emails, and have trash email accounts for each game they play, that have mysteriously had their accounts compromised. Whether it is a compromised data base or an unscrupulous employee we'll never know but having been an online gamer for 15+ years, there are too many coincidences for me to think this is all the fault of the end users.
The other issue is Blizzards switch over to the battle.net login which is less secure than the previous method of logging into the game. LOTRO just switched their forums over to same login as your game login and not surprisingly, compromised acccounts have become more common. It absolutely baffles me why companies switch over to less secure methods like this in this day and age.
I'm not usually one of those conspiracy, tin foil hat types but like I said, there are just too many coincidences for the fault to all lay at the feet of the end users.
Einherjar_LC says: WTB the true successor to UO or Asheron's Call pst!
I might agree with this, but in some instances accounts have been inactive for years....are you suggesting the "hackers" are monitoring accounts for years as well before they take them over? Not a likely scenario IMO, and does more to prove my point of data base corruption or unscrupulous employee during the battle.net conversion.
I don't know why this theory is so hard for people to accept. It's happened before with large banks having their data bases compromised, or unscrupulous employees taking records from work they're not supposed to and losing them. It happens, it happens a lot, but for some reason people think Blizzard is infallible.
Einherjar_LC says: WTB the true successor to UO or Asheron's Call pst!
I've never been hacked, though I definantly deserved it more then a lot of people. It makes me think getting hacked is more luck based then anything. I was one of those people that: used my yahoo email for everything...lol, Visited porn sites and all kinds of wow related sites, used a similar password for everything, didn't have an antivirus for a year, used internet explorer, basically did everything you could do wrong except actually hand my information to anyone, or buy gold (I think these people have the highest chance of getting hacked).
Tips to lower hack chance (things I do now):
1. Never run the internet on the Administrative Account.
2. Use seperate wow email.
3. Make sure all passwords: wows, emails, computer internet account, administrator account, are all different and hard to figure out. Change wow password periodically (once a year seems good enough to me). Also change it if you hear about a recent surge of hacks, (ex: flash vulnerability that happened a while ago).
4. Don't touch emails claiming to be blizzard.
5. Have an Antivirus
6. Use Firefox with addblock and noscript.
7. Get an Authenticator.
8. Get the dial up thing.
9. Download addons from well known sites. For curse download manually, the client can be vulnerable sometimes.
I can't stress changing your password enough, usually hackers keep your information for a while before hacking the account.
-I want a Platformer MMO
Agreed.
I think as you have stated it's a combination of everything. End users to an extent, non-Blizzard 3rd party sites, and I think there may have been a compromise at Blizzards end as well. Of course no one will admit to anything, especially Blizzard because that would set them up for serious litigation.
It's easier and cheaper for them to deal with it in the mannor they are rather than face any kind of punitive damage settlement which knowing how things are in the US, would happen.
Blizzard hopefully has learned a lesson as Turbine did with allowing 3rd party add-ons to their games. AC1 allowed 3rd party apps and there were constant cases of people having their accounts compromised. It just allows too much room for error at the end users end and causes a lot of issues for the game over all IMO. As with Turbine, their next big game, LOTRO allows no 3rd party apps at all. It's only one facet of the issue, but an easy enough one to stop that would cut down significantly on the amount of compromised accounts IMO.
Regardless of how it happened, I do feel badly for those that have been compromised. It can't be a good feeling and I have been fortunate enough never to have had it happen.
Einherjar_LC says: WTB the true successor to UO or Asheron's Call pst!
I've played a number of mmos. From every SOE game to come out to LOTRO to EVE to some fp2 games and wow. I had my account hacked in wow and wow only. I have had an account on station.com for over 6 years. No problems. Wow That's another story. I'm a software engineer. I've been developing ecommerce systems and web security systems for 15 years. None of the sites I have designed have ever been hacked. After My account was hacked in wow. I went over all my computers with every anti hacker tool I could find. followed every tip from security forums to try to find out what happened. I found nothing. Not one keylogger not one malware, nothing. I did not have an authenticator at the time. I do now. Fortunately My account was auto banned by blizzard with in a few hours of the breach and they only managed to create a new character on a new server to use as a spam agent. I had my account restored during my phone call and ordered an authenticator. Ever since then It’s been fine. BUT again I have never had a breach of any kind on any game until WoW. To this day. Something really is fundamentally wrong with blizzards system. Maybe I can design them a secure system that will actually work.
The two most common elements in the universe are Hydrogen and stupidity. - Harlan Ellison
This is another reason I think it is something at Blizzards end. Too many stories like this. People that have been gaming for years without any issues suddenly have their WoW account, and only their WoW account compromised.
Again, like I said there are too many coincidences for this to lay at the feet of the end users alone.
Einherjar_LC says: WTB the true successor to UO or Asheron's Call pst!
The main issue one has to deal with in such a situation is the fact that you got hacked in the first place. When such a thing becomes commonplace enough that people shrug it off and call it just another part of the game...? That's when you know there is a problem.
No matter the game, and no matter the company behind it, there should be steps taken to prevent this. First and foremost, you have to wonder; how are they getting the ability to hack your account in the first place? If it is so easy, why hasn't it been even easier to circumvent and negate the process entirely? A corporation has a responsibility to it's players, and it's consumers to ensure a secure and enjoyable experience.
In some cases however, we find that the so-called corporations providing these services would much rather not bother with such things at all, stating it is the user's problem and therefore they should take the requisite steps to halt it from happening. But as to the means, the how, or why, they never say. If this is to be resolved, it should be the corporation who provides the service that is to take the steps required to negate this. An individual can only do so much without being properly informed of the actual ways to stop these so called "Hackers" from getting what they want.
I have played many games before, and many of them primarily that in which would become victim to hacking attempts, if not gold farmers or the like. Each time, I have found the companies send out warning letters, with the requisite "<Insert game here> Representatives will never ask for your personal information/password or username."
But is it really enough? Can the corporations not provide some sort of program in which would allow the player to play the game in relative safety from such things? I suppose we'll never know.
Oh my god, my account of the most popular p2p mmo in the history of the world was hacked, how odd. Seriously why would anyone hack for example EQ2. No one gives a shit about EQ2. There are so many hacked WoW accounts simply becouse there are so many people playing it. Also, oh my god my WoW account which I have not used for months was hacked HOW could this be!!!!! Oh I dont know becouse if someone hacked an account that was active and being used it would lead to the hacking being discoverd in mere hours instead of months.
What people totally fail to realise is that you dont need to enter a WoW phising site or click a WoW phishing link to get hacked in WoW.
Totally had my account hacked and recieved emails about something of the sort. never responded but when i start back up my warrior batter be back to up and running state.
~i'd rather be forgotten than remembered for giving in~
Yeah, because data bases never get compromised or there is never a case of unscrupulous employees where significant money might be involved... *rolls eyes*
Naivety is the scammers best weapon.
Einherjar_LC says: WTB the true successor to UO or Asheron's Call pst!
You should know better as a writer for this website then to post this crap. I stopped reading at :I got my account hacked".
No one hacked blizzards servers, You were stupid and got keylogged is far more likely. Probably on a site advertising WoW gold. Or maybe you clicked a link on the forums. There are 101 ways dumb people get duped.
But to have any credibility as a game reviewer and say on your own site you got hacked. Come on man really?
Normally i'd brush this off as people being naive or not paying attention. What makes me go Hmm is just after the switch to battle.net this happens. Which everyone knew was going to cause security issues. But then just shortly after Blizz comes along and gives you a patch to correct the problem (the authenticator, which you never needed before the change) so long as you pay for it.
I don't care if it's 20 6 or even 1 dollar. That type of security is on their end. They did something on their end that weaken the security (by changing unique names to emails) then it's on their end to bring the security back up to where its suppose to be. Thats my only issue with the circumstance.
Help me Bioware, you're my only hope.
Is ToR going to be good? Dude it's Bioware making a freaking star wars game, all signs point to awesome. -G4tv MMo report.
I am not ignorant of this fact. However, I do not see any reason why steps have not been taken aside from the simple "Do not open email by suspicious people, and do not go on sites aside from ones authenticated by blizzard" Kind of runabout.
This sort of thing only seems to perpetuate the ignorance of the players, and make it easier for hackers to get the information that is so desired. There needs to be better preventative measrues taken. And while I am ignorant of -how- specifically they hack the information, I must admit, I have a theory.
A virus which would enter your system, and search for critical files integral to the world of warcraft game. Or, keyloggers. For the first, I would honestly create a folder with a"False" database, and should they attempt to read the files and send the pertinent information back, it would trigger some sort of reciprocating virus in which could trace the ip it was being sent to, and infect said computer, and network.