LOL, when I first read this post I started laughing, although it only made me sad. My WoW account was recently hacked, but that's not what made me laugh; it's that when I read a sentence in the 1st paragraph
Even an authenticator won't protect against some of the more advanced scams, thinking of the Wow.com article about the guy selling the tiger loot code, because many of them ask you to put in an authenticator code to access the site (so they can get in with that code once in a short timespan since you gave it to them and didn't use it up on a real Blizzard site). While it will protect you against a great many things (and can keep them from getting back in if you can manage to boot them that one time) it cannot guarantee your security. Always practice defense-in-depth and use multiple secure habits to make it just that much harder for them to get your account. Also, to any of you who think that these people are all fools who get hacked, check out that Wow.com article, seems like (some of) the hackers are catching on and making their scams more sophisticated so that they can get all of the players (not just the fools).
Maybe there's more hacked accounts because there's more accounts?
I have an online friend who would frequently ask for my and my boyfriend's account information so he could "try out" a class before he invested the time into making one of his own. It wasn't anything special--he asked the same of many people, and it wasn't unusual to see him switch onto a friend's account in order to gain access to a particular class just to fool around. Needless to say, we always turned him down out of our lack of familiarity with him and the fact that we can't just hop on a plane to go across the country and track him down if anything happened. A few months ago, he managed to download a keylogger and promptly had his account stripped down to the Mining Pick he kept in his bank. As far as I know, no one else's account he had access to wound up in the same situation, but they could very easily have if he had logged onto someone else's before his own (and Blizzard probably would have refused to recover that person's items). To be honest, I never considered the security risk posed by logging onto WoW from a different, possibly compromised computer, but now it just gives me more reason to keep my account information to myself.
I think it would be cool if Blizzard made an in-game PIN number that you had to enter before you did anything (like take off gear, open bags, look into your bank or a Gbank, or do anything to your guild with any of the powers that are entrusted to you by said guild). And the code would have to be entered into an in-game pop-up window that makes you use your mouse to click on the numbers (in case you do have keyloggers on your comp). Yeah, I got the PIN idea from Runescape. It was an awesome game until I started playing this other one called World of Warcraft :P
You forgot to mention a very common security issue. People more often than not like to use the same e-mail and password for all kinds of activities, such as Internet Forums. These websites don't offer the same level of security as HTTPS websites such as Blizzard's authentication servers, and are commonly attacked. Use a unique set of login/pass for each webservice you use.
I hate to say it, but my account was just hacked this past Friday night... all my toons stripped (I'm assuming) and deleted except two, who were just left naked and broke. I e-mailed Blizz and I'm still waiting to hear something other than basically "we got your email and will get back to you when we have time". I *thought* I was pretty savvy about avoiding scams... running virus scans weekly, not clicking on links, not responding to whispers, not visiting websites, not buying gold or leveling.. What I did do was decide to be a part of something, to help out.. >.< I downloaded a program designed to keep a site's WoW information up-to-date.. yes, I'm talking about the WoWhead client. While I am not certain that it was through that program that the hackers gained access, that's the ONLY thing that I've changed recently... I dl'd the client and was hacked two days later. Coincidence? Maybe, maybe not. But my point is that no matter what you download or how safe you think the site is, there may be code other than what is stated in the description... (BTW, I did email wowhead feedback about the possibility that their client may be compromised but haven't received a reply yet.)
Let's just dispel this rumor right now: No Blizzard employee will ever ask for your password under any circumstance. They do not need to know it, nor do they want to. And, yes, our passwords are encrypted to them so that they don't see it.
Damn nice article. I was hacked like 4 times in a row; after that Blizz said that my account could be permanently locked after the next hack, so I bought an authenticator. After I got this device, no matter where I was: porn site, strange site or keygen site (that I'm sure have the most threats) - I wasn't hacked at all.
No one has ever decrypted a hash. It's a digestion of the original data down to something completely incomprehensible and unrecoverable. The WoW client digests your password from the database and compares it to the digested hash value of the password your client sends to the authentication server. Yes, encryption only buys time. If someone needs to decrypt something and there is a way to decrypt it, then anyone with enough time/computing power can eventually decrypt an encrypted message. If anyone has successfully "undigested" a hash value I'd like to know about it.
There's one simple thing you can do to help reduce your risk of getting hacked I haven't seen mentioned. Tick the box that stores your account name. The most common keylogging malware out there simply records keystrokes; yes there are more sophisticated ones out there that take screenshots as well but those are a lot larger and easier to detect for most virus scanners. What this does is eliminate your need to type your account name before typing in your password. Your password isn't much good to a hacker if they don't know your account name!
I got hacked. Never gave any account info to anyone. I run antivirus and firewall software. My account had been inactive for a month before they struck. The moron actually paid money to reactivate my account, and then he/she/they got it banned within about a month. I have my account back, but my characters were looted and their skills dumped. The last person in the chain to try and restore or fix stuff at Blizzard blew me off, so don't expect any actual restores from them. How did they get my login info? I don't have a clue. It could have been a driveby webscript that uses security holes to install a keylogger. But then why did it take a month (or more) before they stole my account? My brother suspects an insider at Blizzard was doing it to inactive accounts. (He can be a bit paranoid, but I won't completely exclude that option.) As to the Authenticator, has anyone ever seen it in stock? Ever?
Our account was hacked not too long ago, but we were able to stop it because we received a spoof email with the wrong name. After that, we realized that the programs that can almost "watch" what you type on the keyboard are what's called keylogger software, and you can get rid of them with a simple security scan.
The whole battle bot promotion made me wince, because by actually giving out in-game items for entering your information on a website Blizzard gave credibility to many of the scams (for unsophisticated users unlike the present company). And then making your email your account name was part of it too...
I downloaded Blizzard's Mobile Authenticator the day it was released for my iPhone. It's free, and extremely satisfying to know that your account is secure even if your password is in the hands of someone else. I usually have my phone on me at all times, so it's no trouble to enter in an 8-digit code that changes every 15 seconds when I log into World of Warcraft. This also works with the iPod Touch as long as you have a wireless network to sync the app on. If you have an iPhone or iPod Touch, I highly recommend installing and using this app. It could save you your account!