WoW Account Hacked? Maybe It's Not Your Fault

it wouldn’t surprise me if it was a blizzard employee i mean really think about it, I’ve seen ppl do some crazy shit for just $5.00 whats to say they aren’t selling info for a WHOLE lot more than that.

>Tin-foil hat conspiracy theorists need not to come back.

1. Activision-Blizzard doesn't make as much as you think. http://www.wolframalpha.com/input/?i=activision+blizzard

Keep in mind that majority of profits can be contributed to Activision.

2. http://www.vasco.com/products/digipass/digipass_go_range/digipass_go6.aspx

Keep in mind that Blizz has to bid for the authenticators. The company can't mass produce them enough to meet Blizzard's demands.

3. You already got a Blizzard staffer to explain that nobody can access your password. Maybe you should retract that bit?

p.s. for the average person to buy an authenticator… http://www.costcentral.com/proddetail/Vasco_Digipass_Go_6/5414602411136/11087621/

>I agree with the above poster. My account was hacked Friday along with what appeared to be hundreds of others. I base this on the page after page of posts in the WOW forums and the fact that Blizz's phone queue was full all night on Friday and almost all day yesterday. Even when I finally got into the queue (around 9pm CST) I waited over an hour for help.

I also have an experience like one of the above posters: played WOW since the beginning, never had a problem or even knew anybody who had, and in the last two weeks, two people in my guild and now me have been hacked. And the two from my guild both work for one of the largest banking sofware companies in the country. I don't claim that this makes them immune to this sort of thing but I do claim that they are both two of the smartest people I know when it comes to anything having to do with computers.

And I, also, am quite sick of all the people who insist that the "simple" solution is that we are all the problem and not that there is a problem at/with Blizzard or Battle.net. First of all, they often use the argument that no one is sophisticated or tech-savvy enough to protect themselves from harm, but then they turn the other cheek and say Blizzard is far too sophisticated and tech-savvy to have a problem on their end. I mean, seriously? The "simple" solution is:

a) A bunch of differnt hackers all happened to pick the exact same day to compromise accounts in the exact same way and all happened to have the same level of success no matter whose account they were hacking.

Or…

b) A large, evil MMO hacking company or perhaps a hacking cartel carefully coordinated this event to make a bunch of money in one sitting.

I'm sorry, but I don't see how either of these is "simpler" than the fact that either Blizzard or Battle.Net has a problem somewhere.

>I was also drawn to the suspicious fact that WoW accounts are being hacked (incluiding a couple of people who I know are pretty careful, one on a Mac, which is supposedly immune to most viruses/key loggers)and not far more valuable financial accounts. The reality is that the going price for gold in WoW is really low and selling characters is not a fast process, so they probably make like $10 for hacking an account.

I hadn't considered the original poster's idea about somebody stealing passwords in Blizzard, but what I do suspect is that they've built an inherently flawed communication system. One of things that differentiates WoW from logging on to a bank is that a lot of the communication is player-to-player instead of just directly with Blizzard (and at least originally, this was computer to computer, not through WoW servers, at least for things like getting patch content out). I don't know anything about the nuts-and-bolts of how this is done, but it inherently means that you're spouting all sorts of information to random people who might be standing next to you on some world, and might make it difficult to enable the sorts of encrypted communication that protects other systems. Has Blizzard created a system that they can't protect and won't admit it?

>I was hacked as well the other day. What I find odd is that it was at a time where I haven't been very active. Also, I get how a keylogger could nab my password but how did it get the login that I never have to type? I consider myself a safe user but there is no way to say I am perfect. Oh well guess I will see what blizzard does but at the end of the day I guess I need to quit the game. Compromised once usually means it will happen again.

>Protection of your account or accounts has become more and more important. What is more frustrating is that apparent lack of action from Blizzard as I every day when logging on see a few characters running "naked" between AH and the mailbox, clearly being hacked, sharded and destroyed.

Blizzard has the money, they have the staff, why do they not have the solution?

>A lot of the malware can't be picked up unless you have the login screen up, with gibberish in the fields. Many people have found this is when the keylogger/phisher/whatever is located.

You say that you make sure you are using reliable software. I wonder if you use addons at all. One more than one occasion, people have had phishers/keyloggers come up through ads that are in the free Curse Client as well as on some of the web pages.

The biggest problem is that people seem to think that if they only visit "safe" sites, they will be fine. Those who are looking to compromise your account have realized this. "Safe" sites have been hit with compromised links.

Never run WoW with other internet pages running in the background. If you log onto WoW with a compromised page running, that is how your password information was grabbed.

Also, they aren't stealing play money. A lot of these accounts are resold to those who do not want to take the time to level characters. It's not just play money they're taking, they're taking real money as well.

>It's not on blizzards end. There is nothing to figure out. If you really think you and the others who were hacked have better security than a billion dollar company with so much more at stake, then you are truly delusional. Also one major flaw in your theory… Blizzard employees can't see your password. No one can. Not even mike morhaime himself. So an internal breach isn't possible. As for external, that means the hackers would first have to breach blizzard security and then figure out how to unencrypt the hash/passwords which probably only a handful of people could do in the world. And they aren't wasting their time stealing wow accounts.

The simplest and obvious explanation is the correct one. Blizzard didn't get hacked. You did.

>I was saying similar things to my guildmates today.
Everyone knows they should have spyware malware and antivirus most PCs come with free trials for internet security programs.

I am reading far too many post where people say they haven't gone anywhere dangerous or clicked anything they shouldn't have. I am sure some of them are lying, but all of them?

This leads me to believe that Blizzard is not telling us everything and that there are issues on their end.

The spike in hacked accounts is not in our heads the way some of the people on the Fanboy Forums would have you believe.

I have played WOW since 2006 and only missed about 4 months total time from 2006 – 2009 I didn't know of anyone close to me that got hacked.

It's midway through 2010 and both of my in game Friends who are in 28-30 not some kids looking to grab a Free mount(from the phishing whispers you get in game)and one of our guild tanks has been hacked a Shaman in the guild Hacked a Rogue in the guild, Hacked in addition to myself.

That's 3 years without knowing a single person I interact with in game hacked and maybe 2 rumors of people I do not interact with being hacked to atleast 7. 1 long term friend in guild. 1 long term WOW friend outside of the guild. In just 6 months!!!

>This is quite a paranoid and self-serving view. You can chose to believe what you've written here, or you can admit that it's possible that one scam somehow slipped past your radar. It's okay to admit that, by the way. These guys are crafty. They take legitimate e-mails and change the URLs, their Keyloggers are capable of evading detection unless the WoW login screen is up. And when researching to write this comment, I found that 5% of them are able to fool the system at a kernel-level, to avoid being seen in task manager.

You ask "Is that because there are no documented threats?". One needs only to look at the securelist descriptions of trojans they consider to be game-thief trojans.
http://www.securelist.com/en/descriptions?behavior=trojan-gamethief
The list includes over 200,000 programs. Granted that all those aren't designed to steal WoW info, but since WoW is the largest MMO, it's safe to assume it holds an equal share of bad guys who want your info.

Phishing scams have also been documented quite well. In fact, Blizzard has a post in their customer service forum which lists e-mails commonly sent out to attempt to phish your information. But I suppose in your paranoid world, Blizzard posts those e-mails on their forum because they created them. And as recent as January, the top Google result of "wow armory" was a sponsored site that was a phishing attack. (reference http://i.wow.com/2010/01/15/beware-of-wow-armory-phishing-scams/)

As for only stealing play money, it's quite a leap from stealing login info and gold, to creating all the fake ID's that would be necessary to compromise bank accounts. These guys don't need to steal real life money, because people give them real life money in exchange for this virtual currency which they can steal with much less risk to themselves.