WoW account security?

Jared701

My account had been inactive for over a month. My highest level toon is 58. Somehow my account got activated tonight (I did not have a credit card saved with blizzard) and someone had created a low level horde toon and was leveling it.

I have all the windows security updates/symantec antivirus/spybot search and destroy. All are current on their updates and I've done a scan with symantec/spybot in the past 48 hours. 0 threats were found. I got spammed on my hotmail account for over 100 emails from [email protected] claiming delivery status notification about a returned email. I never opened any of those and have nothing in my sent folder I did not send.

The person kept logging into my wow account and kicking me off and eventually changed the password on me. I then went in from the link using my full name and changed the password to something else. I did not get kicked off after doing that.

I'm running a trend micro internet scan right now and still have found 0 threats. Could blizzard have somehow accidentally merged 2 accounts into 1? I have no idea what could have caused this and trying to figure out if my computer really is infected. It seems odd that a game I haven't played for over a month and have not put the password in for in that long was accessed. I have not found anything else weird or have any other accounts accessed that I've noticed. The 100+ spammed emails to me earlier today was the only oddity I noticed today.
 
Password definitely isn't on that list... although it was fun to see what some of the most common passwords are. I think my password is still considered strong using upper and lowercase, no words and numbers in it. It would be odd if someone brute forced it.

Considering that the login is now the email address + password and I was foolish enough to use the same password for both that email and the game I don't understand why the person would try to play the game after getting disconnected multiple times by me and then finally change the password to the game. They never accessed my email as far as I can tell (password changed now and is different from my new battlenet password too). I believe the person would have had to use their own credit card or a stolen one to activate my account. It just doesn't make sense to me to do that and not just create your own account.
 
They could have just used a gamecard they bought from a store. It would be odd indeed if it was bruteforced, but it seems like that may have been the case almost. Appears that it wasn't anything on your end, unless it was an addon.
 
Is there a reason why login attempt limits are not used more often? I mean honestly it is highly unlikely you make say 5 typos every 30 minutes or something. Is there a technical reason for this?
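
An added example, not part of any post in this thread: a sliding-window login limiter using the "5 failures per 30 minutes" figure from the question above, run over constructed events. The class and function names, the per-source limit of 20 and all addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window limit on failed logins, per account and per source address."""

    def __init__(self, max_per_account=5, max_per_source=20, window_s=30 * 60):
        self.max_per_account = max_per_account
        self.max_per_source = max_per_source  # assumed value, not from the thread
        self.window_s = window_s
        self._by_account = defaultdict(deque)  # account -> failure timestamps
        self._by_source = defaultdict(deque)   # source  -> failure timestamps

    def _recent(self, table, key, now):
        """Count failures for key inside the window, dropping expired ones."""
        q = table.get(key)
        if q is None:
            return 0
        while q and now - q[0] >= self.window_s:
            q.popleft()
        if not q:
            del table[key]  # keep memory bounded to keys with live failures
        return len(q)

    def allowed(self, account, source, now):
        return (self._recent(self._by_account, account, now) < self.max_per_account
                and self._recent(self._by_source, source, now) < self.max_per_source)

    def record_failure(self, account, source, now):
        self._by_account[account].append(now)
        self._by_source[source].append(now)

    def record_success(self, account):
        self._by_account.pop(account, None)


def simulate(events, throttle):
    """events: (time_s, account, source, password_ok) tuples in time order."""
    outcomes = []
    for now, account, source, password_ok in events:
        if not throttle.allowed(account, source, now):
            outcomes.append("blocked")          # password is not even checked
        elif password_ok:
            throttle.record_success(account)
            outcomes.append("ok")
        else:
            throttle.record_failure(account, source, now)
            outcomes.append("fail")
    return outcomes


def guessing_scenario():
    # Constructed data: 7 wrong guesses on one account, 10 s apart, then the
    # real owner logging in from another address at t=100 s and t=1840 s.
    events = [(t, "owner@example.com", "198.51.100.7", False) for t in range(0, 70, 10)]
    events.append((100, "owner@example.com", "203.0.113.9", True))
    events.append((1840, "owner@example.com", "203.0.113.9", True))
    return simulate(events, LoginThrottle())


def stuffing_scenario(max_per_source):
    # Constructed data: one source tries 25 different accounts once each,
    # as happens when passwords reused from another site are replayed.
    events = [(i, f"user{i}@example.com", "198.51.100.7", False) for i in range(25)]
    return simulate(events, LoginThrottle(max_per_source=max_per_source))


if __name__ == "__main__":
    print(guessing_scenario())
    print(stuffing_scenario(20).count("blocked"), stuffing_scenario(10**9).count("blocked"))
```

The first scenario shows the cost of a per-account limit: the owner's correct password is refused while the lockout lasts. The second shows that a per-account limit alone never triggers when each account is tried only once, which is why the per-source counter is there.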
 
honestly i don't know why people don't use authenticators. if you have a smart phone chances are the program is free, if you don't the authenticator dongle costs like $6. pretty much guarantees your account will not be hacked.
 
Have you ever signed up for a website with the same password such as a guild forum?
 
I'm absolutely astonished by the sheer amount of people getting their WoW accounts "hacked", my brother finished his degree in computer science with a 1st, so did his friend, and both of them have had their WoW accounts hacked since uni.

This isn't complicated:

  • Strong passwords
  • Stop installing 1000's of mods no matter how "trusted"
  • Install security patches the day they're released
  • Modify your behaviour so that you're not virus prone
  • Do NOT give your personal details to anyone

Almost all of these stolen passwords will be from viruses designed to harvest personal details from people's computers, a lot of them since they're otherwise harmless probably won't be added to anti-virus patterns for a long time.
 
I'm absolutely astonished by the sheer amount of people getting their WoW accounts "hacked", my brother finished his degree in computer science with a 1st, so did his friend, and both of them have had their WoW accounts hacked since uni.

This isn't complicated:

  • Strong passwords
  • Stop installing 1000's of mods no matter how "trusted"
  • Install security patches the day they're released
  • Modify your behaviour so that you're not virus prone
  • Do NOT give your personal details to anyone

Almost all of these stolen passwords will be from viruses designed to harvest personal details from people's computers, a lot of them since they're otherwise harmless probably won't be added to anti-virus patterns for a long time.

All of these apply to me. I did not use addons when I played wow. As stated, I had not even played in over a month. I did not have a guild website with the same password. I have quit wow so an authenticator was not needed. The only thing I was trying to figure out is if my computer was likely infected and my other passwords/accounts weren't safe anymore. I scanned the machine using latest updates on symantec and the online scan from trend micro and 0 threats were found.
 
Jared, was the email account that you used for WOW compromised also? just kind of wondering myself.
 
i had mine hacked after 2 years of complete bnet inactivity. it was brute forced. Diff password than any of my other accounts, one day i just got an email about my WoW account being banned, and was just like..huh? I have since put on the BNET authenticator onto my account using my iphone app.
 
lol.. so he pays to use your account just to avoid buying the game?

That's just epic fail material right there.
Contact Blizzard and steal his 15$, free play time bro!
 
Get the authenticator app for free if you have an iPhone or android phone. If you don't you can buy the actual authenticator for a few bucks. It makes your account pretty much impossible to hack.
 
All of these apply to me. I did not use addons when I played wow. As stated, I had not even played in over a month. I did not have a guild website with the same password. I have quit wow so an authenticator was not needed. The only thing I was trying to figure out is if my computer was likely infected and my other passwords/accounts weren't safe anymore. I scanned the machine using latest updates on symantec and the online scan from trend micro and 0 threats were found.

That's fair enough, I wasn't really directing my statement at you specifically just gamers in general.

Yours is a mystery, did you ever log on from another computer or device? Does anyone have access to your computer? It's likely that it was a virus that snagged the password, if you have AV it may not have a definition for the virus so is unable to remove it, obviously keep that up to date if you're running AV.

Do you use the same username/password for anything else? especially online, like forums or other MMO accounts? It's possible the entry point was elsewhere, for example someone finding username/passwords for one game/service/app/site may very well try that combination for other similar things.
 
Just got my account back last night. 2nd time hacked in 5 years, I know all their tricks and it still happened. They paid to transfer 3 of my 14 characters to other servers, which would have cost $75. I didn't have enough gold for them to sell to even make their money back. Go figure...

I am so safe I figured I didn't need an authenticator, but I have one now.
 
lol.. so he pays to use your account just to avoid buying the game?

That's just epic fail material right there.
Contact Blizzard and steal his 15$, free play time bro!

More than likely it was reactivated using a stolen CC# or game cards bought by selling stolen loot.

If people would stop buying crap from these jackasses, then there wouldn't be a huge problem with this. The scammers found out a long time ago it was easier to make money by hijacking accounts than running bot farms 24x7. They wouldn't be in business if no one was buying gold though. FFS, it's not that hard to make money in the game anyways. Personally, I had no issue with player-to-player cash transactions in MMOs and used to sell excess plat in EQ, but now the entire market is run by scammers that just steal accounts.

WoW doesn't help either since they just restore the "hacked" accounts and they usually end up with more than they had before since they tend to get crap the scammers put in their bank. At least once a month one of my guildmembers gets their account jacked. EQ you were lucky to get your characters replaced if your account got jacked, but I only know one person it happened to in 6 years since there wasn't an organized crime industry built around the game.

As for your system, if you can't be sure nuke it from orbit + fresh install. A computer that can't be trusted isn't a very useful computer.
 
Use an authenticator. A hacker would need to physically have your authenticator to crack your account.
 
Use an authenticator. A hacker would need to physically have your authenticator to crack your account.

MITM attacks work against an authenticator as well, but those have to involve compromising your local machine and are much more sophisticated to pull off.
 
First thing you need to do is get yourself an Authenticator. It's 6 bucks free shipping and you get a Core Hound Minipet to boot. Do it.
 
Yeah it's true about everything scam related though, there would be no spam emails if the idiots who open them and fall for them would just wise up, but it's never gonna happen.

Blizzard need to be on top of it, they need to track transactions in their database especially gold transactions, and then they can work out the money trail from accounts who've had everything stolen.

Preferably accounts of those who bought gold should have that gold deducted, stopping the actual criminals would be too hard, but stop demand by punishing those who create demand, that will end the spamming and selling.

If it was only as easy to punish people opening spam email :/
 
Jared, was the email account that you used for WOW compromised also? just kind of wondering myself.

I was dumb enough to have the same password and the username for logging in now is your email so it could have been. I did not notice any unauthorized activity though and changed my password so it should be secure again if it was compromised.
 
I'm absolutely astonished by the sheer amount of people getting their WoW accounts "hacked", my brother finished his degree in computer science with a 1st, so did his friend, and both of them have had their WoW accounts hacked since uni.

This isn't complicated:

  • Strong passwords
  • Stop installing 1000's of mods no matter how "trusted"
  • Install security patches the day they're released
  • Modify your behaviour so that you're not virus prone
  • Do NOT give your personal details to anyone

Almost all of these stolen passwords will be from viruses designed to harvest personal details from peoples computers, a lot of them since they're otherwise harmless probably wont be added to anti-virus patterns for a long time.

Strong passwords don't matter as much as you think, most exploits are not due to brute forcing a password. Security patches are released after the exploit has become known, plus the time it took to research it and develop the patch.

In my case I was victim to a zero day Adobe Flash exploit on a pretty popular website that nailed quite a few people (I think the number was around 200k or so). I guess I need to modify my behaviour to include avoiding trusted sites that use popular technologies. :rolleyes:
 
Strong passwords don't matter as much as you think, most exploits are not due to brute forcing a password. Security patches are released after the exploit has become known, plus the time it took to research it and develop the patch.

In my case I was victim to a zero day Adobe Flash exploit on a pretty popular website that nailed quite a few people (I think the number was around 200k or so). I guess I need to modify my behaviour to include avoiding trusted sites that use popular technologies. :rolleyes:

I doubt we have the same idea of "trusted" website, and yes flash should be pretty much blocked where possible, firefox or chrome with adblock is your friend.

Most of the 0 days exploits are distributed through websites who don't check up on the affiliates that are allowed to deploy adverts on their website. Anyone who is even slightly savvy is blocking that crap already.
 
MITM attacks work against an authenticator as well, but those have to involve compromising your local machine and are much more sophisticated to pull off.

I don't really see man in the middle attacks being used to crack someone's WoW account. But, you are correct.

Are there people out there who go to that much trouble?
 
Jared, was the email account that you used for WOW compromised also? just kind of wondering myself.

THIS is an interesting question. I had a similar thing happen to me shortly after WotLK came out. Bought it, played it for two months, stopped and then in June of 2009 my account was paradoxically reactivated and the password was changed. The only way that can happen is if someone has access to the email account used because they have to get the email from Blizzard to confirm it.
 
I doubt we have the same idea of "trusted" website, and yes flash should be pretty much blocked where possible, firefox or chrome with adblock is your friend.

Most of the 0 days exploits are distributed through websites who don't check up on the affiliates that are allowed to deploy adverts on their website. Anyone who is even slightly savvy is blocking that crap already.

True. I guess I will make my point in a far less sarcastic way. Every computer user on the planet could follow your security guidelines and millions would have their accounts/computers compromised each year.
 
Well, I've read there is a trojan .dll that works even with an authenticator. When you log in and put in your auth code, the trojan sends it off to the hacker and your screen shows an error "incorrect authenticator code". The hackers only have a short window to log in and strip your account, because they still can't generate a new authenticator code to log in later.

Anyway, it sounds like a lot more trouble than hacking accounts without an authenticator, so the hackers are more likely to move on if they find an authenticator on the account.

I've seen so many posts from people claiming they did everything right security-wise (antivirus,firewall,trojan/spyware scans,unique passwords/emails, regular patching/updates, adblock, noscript, flashblock, etc.) and got hacked anyway. I know most people making those claims probably missed something, but there are just so many accounts being hacked that there must be some leaks or break ins somewhere in between Blizzard, email providers and ISPs that allow hackers to steal accounts no matter how secure your own machine is.
 
I don't really see man in the middle attacks being used to crack someone's WoW account. But, you are correct.

Are there people out there who go to that much trouble?

Yes there are, it's really big business. They'll even add an authenticator to your account now if it does get jacked to make it harder to recover.
 
True. I guess I will make my point in a far less sarcastic way. Every computer user on the planet could follow your security guidelines and millions would have their accounts/computers compromised each year.

Well I've gone about 8 years now without any AV or software firewalls, while I do work in IT I'm not some security freak who only uses linux and all that nonsense.

At home I'm a windows user, I use my computer for the same things pretty much everyone does, browsing sites, watching videos, sending IMs, receiving email, playing games, downloading files etc.

I find it hard to believe that it's some huge fluke that I've never suffered from any malicious attacks before, sticking to simple guidelines works, the problem is that some people simply do not stick to these guidelines.

Sure, in a planet of 7 Billion people, several million might become infected with something undesirable due to a string of unlucky circumstances whereby otherwise reasonably trustworthy websites fail to screen a bad advert and a zero day exploit nails them...but that hardly accounts for the relentless number of WoW accounts hacked, most of these people simply need to exercise better caution when using their computers.

Ideally we need to start teaching this stuff in schools, IT needs to become a much larger part of education, we're going to become almost 100% reliant on it within a few generations, we can't keep this up.
 
Sure, in a planet of 7 Billion people, several million might become infected with something undesirable due to a string of unlucky circumstances whereby otherwise reasonably trustworthy websites fail to screen a bad advert and a zero day exploit nails them...but that hardly accounts for the relentless number of WoW accounts hacked, most of these people simply need to exercise better caution when using their computers.

The relentless number of WoW accounts hacked are due to the serious amount of money to be made through gold farming or whatever it is the hackers want the accounts for, coupled with the almost complete lack of repercussions for doing so. This brings me back to the post of yours I originally quoted. You can have the strongest password in the world, it won't matter if you have a keylogger installed. If there is a will there is a way, especially in an electronic world with no physical barriers.

I've derailed this thread enough. I just had a knee jerk reaction to your post and its scoffing undertones, as I personally have had my account hacked when there wasn't anything I could have reasonably done about it beforehand.
 
I got my $6 core hound pet and I love it.

Oh yeah, I also got that authenticator thing in the mail too as a bonus.
 
probably got phished. Or you use the same password on another site that was hacked there and they used that to see if you play wow. I'd still put an authenticator on it just in case you play again in the future.

I know people only think when they are hacked it affects wow. But the truth is once they have your password(s) they can likely get into your banking sites as well. Anything really.

The phishing emails have gotten a lot better. I bet many people actually click the link and enter their credentials on those fake sites. Or people use the same login and password for many sites/games. Or give their logins to friends whose machines are compromised. Or login on work computers. Computers in cafes.
 
So I have 2 accounts & both have been inactive for months. But my account name does nothing for login since I have them linked to my Battle.net accounts. I log in using my email address instead of the account name. I Figure that is enough & so far it has worked. Even proved itself once as I was contacted because someone was trying to reset the PW on one of them, but they were using the account name instead of the battle.net info.
 
The relentless number of WoW accounts hacked are due to the serious amount of money to be made through gold farming or whatever it is the hackers want the accounts for, coupled with the almost complete lack of repercussions for doing so. This brings me back to the post of yours I originally quoted. You can have the strongest password in the world, it won't matter if you have a keylogger installed. If there is a will there is a way, especially in an electronic world with no physical barriers.

I've derailed this thread enough. I just had a knee jerk reaction to your post and its scoffing undertones, as I personally have had my account hacked when there wasn't anything I could have reasonably done about it beforehand.

And you only end up with keyloggers installed if you do something stupid security wise, I don't expect everyone to be IT masters but a lot of people lack the most fundamental skills that are the digital equivalent of locking your front door when you leave the house. As I said before there needs to be more education on the matter.

The type of zero day exploits you may or may not have been hit by are pretty rare and account for a very tiny amount of overall number of security issues around the world, and even they are avoidable to some degree.

You're absolutely right though, where there's a will there's a way, the difference is this isn't targeted attacks on users, these are generic viruses and scripts that "attack" as many people as possible and simply bottom feed off the easy targets. It's reasonably easy to put up a defence against it which works, you just need a bit of knowledge and some self control with your actions.
 
honestly i don't know why people don't use authenticators. if you have a smart phone chances are the program is free, if you don't the authenticator dongle costs like $6. pretty much guarantees your account will not be hacked.

Beginning with Cataclysm, there will be a new option for Guilds: Restricting member level by Authenticator use. No Authenticator? No guild membership at that level.

Oh, and no longer having to dig out the core hound pup every time you need to prove you have one.
 
honestly i don't know why people don't use authenticators. if you have a smart phone chances are the program is free, if you don't the authenticator dongle costs like $6. pretty much guarantees your account will not be hacked.

^^ Authenticators are awesome, iphone/ipod touch too
 
I doubt we have the same idea of "trusted" website, and yes flash should be pretty much blocked where possible, firefox or chrome with adblock is your friend.

Most of the 0 days exploits are distributed through websites who don't check up on the affiliates that are allowed to deploy adverts on their website. Anyone who is even slightly savvy is blocking that crap already.

I think the "trusted" site could be the biggest problem. I had my account compromised sometime in March and I still strongly believe that I was infected by a flash ad on wowhead. It's tough to say that such a large and prominent database site can't be trusted, but I guess I can't trust them after all. Now I gotta take extra precautions (ad blocks etc.) even when browsing websites that aren't exactly shady. It's annoying to deal with this, but necessary. Only sites I trust is [H] and the online banking/CC sites I use.
 
well, screw this thread, I go at least a year without account problems, read this thread then next thing I know my account's compromised lol. They must have gotten my email password as they were resetting my wow account.

Thankfully my authenticator made it so they couldn't get past changing passwords last night, changed my email then my wow account password and all is good again.
 