LOL, when I first read this post I started laughing, although it only made me sad. My WoW account was recently hacked, but that's not what made me laugh; it's that when I read a sentence in the 1st paragraph, "Sadly, though, I've been noticing an increase in one particular thing—something that, as Smokey the Bear has always claimed, only we can prevent—the amount of accounts that have been compromised or "hacked."" My main character's name is smokemdabear, who's a druid. And right now I'm currently trying to contact the billing support after just getting a reply from Blizzard. SO DON'T WORRY THE REALM OF MANNOROTH, THE REAL BEAR IS COMING HOME! Soon...
Even an authenticator won't protect against some of the more advanced scams, thinking of the Wow.com article about the guy selling the tiger loot code, because many of them ask you to put in an authenticator code to access the site (so they can get in with that code once in a short timespan since you gave it to them and didn't use it up on a real Blizzard site). While it will protect you against a great many things (and can keep them from getting back in if you can manage to boot them that one time) it cannot guarantee your security. Always practice defense-in-depth and use multiple secure habits to make it just that much harder for them to get your account. Also, to any of you who think that these people are all fools who get hacked, check out that Wow.com article, seems like (some of) the hackers are catching on and making their scams more sophisticated so that they can get all of the players (not just the fools).
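The point in the comment above, as an added example that is not part of the original thread and not Blizzard's code: a time-based one-time code is accepted from whoever presents it first inside its window, and a login service that remembers the last consumed time step rejects any second use. It assumes a generic RFC 6238 TOTP with a 30-second step and 8 digits; the secret, timestamps and the `Verifier` class are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code: RFC 6238 default, assumed here
DIGITS = 8   # code length, assumed here

def totp(secret: bytes, now: float) -> str:
    """RFC 6238 code for the time step containing `now` (HMAC-SHA1)."""
    counter = int(now // STEP)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                        # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class Verifier:
    """Login-side check that accepts each time step at most once."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_used_step = -1

    def check(self, code: str, now: float) -> bool:
        step = int(now // STEP)
        if step <= self.last_used_step:
            return False                           # step already consumed: replay
        if not hmac.compare_digest(code.encode(), totp(self.secret, now).encode()):
            return False
        self.last_used_step = step
        return True

def demo():
    secret = b"constructed-demo-secret"             # constructed sample secret
    t0 = 1_000_000_020.0                            # constructed time, start of a step
    code = totp(secret, t0)                         # what the token displays
    server = Verifier(secret)
    first = server.check(code, t0 + 5)              # first presenter inside the window
    replay = server.check(code, t0 + 10)            # same code again, same window
    late = Verifier(secret).check(code, t0 + STEP)  # unused code, next window
    return first, replay, late

if __name__ == "__main__":
    print(demo())
```

The verifier has no way to tell who the first presenter is, which is why a code typed anywhere other than the real login page should be treated as spent and the account checked.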
Maybe there's more hacked accounts because there's more accounts?
Most of obvious, but must be said, stop surfing for porn on your wow computer. Use the Wii, PS3, iPhone, etc. if you really have to. And if you are going to use a cyber cafe to play some WoW, check the place out first. How are the other customers, are the computers "secure", what kind of atmosphere do they have and check out how reputable the staff are. *sniff* but I wanna look at *!@#ies on mai PC :(
I have an online friend who would frequently ask for my and my boyfriend's account information so he could "try out" a class before he invested the time into making one of his own. It wasn't anything special--he asked the same of many people, and it wasn't unusual to see him switch onto a friend's account in order to gain access to a particular class just to fool around. Needless to say, we always turned him down out of our lack of familiarity with him and the fact that we can't just hop on a plane to go across the country and track him down if anything happened. A few months ago, he managed to download a keylogger and promptly had his account stripped down to the Mining Pick he kept in his bank. As far as I know, no one else's account he had access to wound up in the same situation, but they could very easily have if he had logged onto someone else's before his own (and Blizzard probably would have refused to recover that person's items). To be honest, I never considered the security risk posed by logging onto WoW from a different, possibly compromised computer, but now it just gives me more reason to keep my account information to myself.
I think it would be cool if Blizzard made an in-game PIN number that you had to enter before you did anything (like take off gear, open bags, look into your bank or a Gbank, or do anything to your guild with any of the powers that are entrusted to you by said guild). And the code would have to be entered into an in-game pop up window that makes you use your mouse to click on the numbers (in case you do have keyloggers on your comp.) Yeah I got the PIN Idea from Runescape. It was an awesome game until I started playing this other one called World of Warcraft :P
Most of obvious, but must be said, stop surfing for porn on your wow computer. Use the Wii, PS3, iPhone, etc. if you really have to. Eh, that's a strawman. If you're compromised by a pornographic site, they're not going to target your warcraft account, they're going to target your bank account and other personal information. Generally speaking I don't think hackers in general care about selling your equipment, emptying your inventory and stealing your gold just to make a few bucks selling it to a gold-selling site. That's small time. People who target Warcraft accounts might also target personal information, but people who target personal information won't target Warcraft accounts, as it's a waste of resources: there might be 10 million active WoW accounts, but there are surely billions who browse porn every day. The chances the victim of phishing or hacking even has a Warcraft account is pretty damn low, unless you target Warcraft players specifically, e.g. through addons, gold selling and powerleveling services, scams emulating Blizzard, etc. I think it would be cool if blizzard made an in-game PIN number that you had to enter before you did anything... Holy ridiculously excessive Batman. The authenticator is enough, the game doesn't need to ask you for an algorithmic key every time you twitch a finger. Unless you're intentionally exaggerating.
You forgot to mention a very common security issue. People more often than not like to use the same e-mail and password for all kinds of activities, such as Internet Forums. These websites don't offer the same level of security as HTTPS websites such as Blizzard's authentication servers, and are commonly attacked. Use a unique set of login/pass for each webservice you use.
I hate to say it, but my account was just hacked this past Friday night... all my toons stripped (I'm assuming) and deleted except two, who were just left naked and broke. I e-mailed Blizz and I'm still waiting to hear something other than basically "we got your email and will get back to you when we have time". I *thought* I was pretty savvy about avoiding scams... running virus scans weekly, not clicking on links, not responding to whispers, not visiting websites, not buying gold or leveling.. What I did do was decide to be a part of something, to help out.. >.< I downloaded a program designed to keep a site's WoW information up-to-date.. yes, I'm talking about the WoWhead client. While I am not certain that it was through that program that the hackers gained access, that's the ONLY thing that I've changed recently... I dl'd the client and was hacked two days later. Coincidence? Maybe, maybe not. But my point is that no matter what you download or how safe you think the site is, there may be code other than what is stated in the description... (BTW, I did email wowhead feedback about the possibility that their client may be compromised but haven't received a reply yet.)
Am I the only one who finds it kinda funny how they say "Blizzard will NEVER ask for your password" yet technically they ask for it every time you log in? That phrase means "A Blizzard employee will NEVER ask for your password". If a legit Blizzard employee wants to make modifications on your account, he or she doesn't need a password. They are the admins, they have full access on the database. Yeah but at some time or another you HAVE to have given SOMEONE at Blizzard your account password, even if it is when you confirmed it!
Am I the only one who finds it kinda funny how they say "Blizzard will NEVER ask for your password" yet technically they ask for it every time you log in? That phrase means "A Blizzard employee will NEVER ask for your password". If a legit Blizzard employee wants to make modifications on your account, he or she doesn't need a password. They are the admins, they have full access on the database. Yeah but at some time or another you HAVE to have given SOMEONE at Blizzard your account password, even if it is when you confirmed it! Umm, no. No you don't. I've helped my brother recover his account twice.
Yeah but at some time or another you HAVE to have given SOMEONE at Blizzard your account password, even if it is when you confirmed it! Not necessarily. Assuming Blizzard uses even basic security in their database, passwords are hashed and even admins cannot view it (though probably someone with developer access could learn what the hash was and decrypt the password field of an account). You might input the password in your screen, but it gets encrypted before it's sent off. The server will take the input and the password, uncrypt both and then compare it (or something, I'm only somewhat familiar with database security). At no point is a human able to view an uncrypted password, least of all Customer Service who don't even need your password.
Let's just dispel this rumor right now: No Blizzard employee will ever ask for your password under any circumstance. They do not need to know it, nor do they want to. And, yes, our passwords are encrypted to them so that they don't see it.
Damn nice article. I was hacked like 4 times in a row; after that Blizz said that my account could be permanently locked after the next hack, so I bought an authenticator. After I got this device, no matter where I was: porn site, strange site or keygen site (that I'm sure have the most threats) - I wasn't hacked at all. And, yes, our passwords are encrypted to them so that they don't see it. Even an encrypted password could be decrypted, well it would still take a lot of time but it could :)
No one has ever decrypted a hash. It's a digestion of the original data down to something completely incomprehensible and unrecoverable. The WoW client digests your password from the database and compares it to the digested hash value of the password your client sends to the authentication server. Yes, encryption only buys time. If someone needs to decrypt something and there is a way to decrypt it, then anyone with enough time/computing power can eventually decrypt an encrypted message. If anyone has successfully "undigested" a hash value I'd like to know about it.
There's one simple thing you can do to help reduce your risk of getting hacked I haven't seen mentioned. Tick the box that stores your account name. The most common keylogging malware out there simply records keystrokes; yes there are more sophisticated ones out there that take screenshots as well but those are a lot larger and easier to detect for most virus scanners. What this does is eliminate your need to type your account name before typing in your password. Your password isn't much good to a hacker if they don't know your account name!
I got hacked. Never gave any account info to anyone. I run antivirus and firewall software. My account had been inactive for a month before they struck. The moron actually paid money to reactivate my account, and then he/she/they got it banned within about a month. I have my account back, but my characters were looted and their skills dumped. The last person in the chain to try and restore or fix stuff at Blizzard blew me off, so don't expect any actual restores from them. How did they get my login info? I don't have a clue. It could have been a driveby webscript that uses security holes to install a keylogger. But then why did it take a month (or more) before they stole my account? My brother suspects an insider at Blizzard was doing it to inactive accounts. (He can be a bit paranoid, but I won't completely exclude that option.) As to the Authenticator, has anyone ever seen it in stock? Ever?
Our account was hacked not too long ago, but we were able to stop it because we received a spoof email with the wrong name. After that, we realized that the programs that can almost "watch" what you type on the keyboard are what's called keylogger software and you can get rid of them with a simple security scan.
The whole battle bot promotion made me wince, because by actually giving out in-game items for entering your information on a website Blizzard gave credibility to many of the scams (for unsophisticated users unlike the present company). And then making your email your account name was part of it too...
I downloaded Blizzard's Mobile Authenticator the day it was released for my iPhone. It's free, and extremely satisfying to know that your account is secure even if your password is in the hands of someone else. I usually have my phone on me at all times, so it's no trouble to enter in an 8-digit code that changes every 15 seconds when I log into World of Warcraft. This also works with the iPod Touch as long as you have a wireless network to sync the app on. If you have an iPhone or iPod Touch, I highly recommend installing and using this app. It could save you your account!