Sorry for the long post.......................

My account(s) were recently hijacked and I was hoping to get some advice from the group here on what can be done in order to get some (if any) of my items back & of course the gold in my acct.

I have 6 accounts associated with the so called "new and improved" Battle.Net accounting system. I have no idea how the account was compromised. I have never shared these accounts with anyone.
I recently did a new install of Win7 Pro along with a AV program a few weeks back, but other than that nothing out of the ordinary.

@ 1:10am (email timestamp)
I rec'd an email stating "Your password has recently been modified through the Account Management website"
=====
@ 4:20am
Account Name: XXXXXXX

Account Action: 3 hour suspension and password reset
Reason for Action: In-Game Chat Policy Violation - Advertisement and Spamming
======
@ 4:22am
Battle.net Account - Password Reset

We have reset the password for the Battle.net account associated with this email address. To choose a new password, please click the following link and follow the instructions:
=====

I immediately sent an email to Blizzard explaining what had happened, then I had to wait a few more hours for the accounting department to open up so I could follow-up with a phone call.
After waiting literally 55 minutes on hold, I spoke to a acct rep.

The Good news..... I got back control of my account(s) (The hackers had even placed a Blizzard Authenticator on there!)
Most of my toons were still there, although a few were deleted on my main account.

The Bad news: A few toons on my main account were deleted, Guild bank was stripped of all valuabe items, ALL the guild's gold was gone, ALL remaining toons were stripped of thier gear/bank items/bags & gold

As noted, most of the damage was done on my main account, and in the short time frame this happened they managed to create (25) Level 1 toons across (13) different US servers & (12) Oceanic servers.



Since I've already done the obvious
1) Is there any hope of getting some of my gear/items back?
2) Must I create an in-game ticket for each and every toon that was affected?


I'd appreciate any insight any of you may have here regarding this issue.



Thanks

1) Yes: create an in game ticket
2) No: usually one per account is enough

If you havent shared your account , you either got hacked by a man in the middle while reading forums or you got a keylogger on one of the machines which you either read forums on or on you wow computers. i would advice you to get a authenticator , even tough a keylogger snatches your password and code it will only be available for them in 30 secs.

This is why its very important to have an authenticator already on your account. Sure it can be an annoyance at times, but the added security outweigh the any annoyance. Even if you have 5 seperate battlenet accounts you can use the same authenticator on all 5.

If you havent shared your account , you either got hacked by a man in the middle while reading forums or you got a keylogger on one of the machines which you either read forums on or on you wow computers. i would advice you to get a authenticator , even tough a keylogger snatches your password and code it will only be available for them in 30 secs.

I'm very pro-active on security and as an ironic twist to this I had recently reported 2 different in-game messages sent to me about "so-called" get your xmas free mount or whatever, that I had sent those sites to blizzard reporting the offending website. The thing is, I didn't access that site on my WoW computer (I only play/MB from 1 computer) I accessed it from a seperate computer and the only commonality is that they are on the same LAN.

I agree with you totally, keylogger or a middleman, though the latter seems remote. I'll do a full scan again when I can, in the meantime I'll play from the Macbook :)

This is why its very important to have an authenticator already on your account. Sure it can be an annoyance at times, but the added security outweigh the any annoyance. Even if you have 5 seperate battlenet accounts you can use the same authenticator on all 5.

Agreed!
I'll b getting that asap.

can someone define or elaborate on this "Man in the middle" method of hacking? I just recently got hacked as well. The box i play with has nothing but wow, and vent on it. I only use the web to download addons and do research for the game.

can someone define or elaborate on this "Man in the middle" method of hacking? I just recently got hacked as well. The box i play with has nothing but wow, and vent on it. I only use the web to download addons and do research for the game.

Without getting too in-depth, the middle man refers to intercepting traffic/communication between the source (server) and destination (client, your PC). This basically has to do with unencrypted internet traffic (http://) (http://%29) as opposed to encrypted traffic (https://) (https://%29)

It CAN happen via an exploited Router (BGP attack) for example.

In my case I lean toward the kelogger issue, I'm just not sure it was transmitted across my LAN at home. I'll investigate it further.

The thing is, I didn't access that site on my WoW computer (I only play/MB from 1 computer) I accessed it from a seperate computer and the only commonality is that they are on the same LAN.

They got into your email account and reset the password of your account via the Blizzard lost password tool. This means your email account was compromised, not your Battle Net account. Where and how you log into WoW is irrelevant, it is how and where you log into your email account.

They got into your email account and reset the password of your account via the Blizzard lost password tool. This means your email account was compromised, not your Battle Net account. Where and how you log into WoW is irrelevant, it is how and where you log into your email account.

Agreed, that is why I do not use my reg email for wow..I use one that is not connected to my reg email in any way shape or form, (friends, sites that require an email to register etc)and I use my wow email for wow only. This way if I desire to register to a site, then my wow email is not compromised.

After reading a couple of these kind of threads, I got myself an authenticator. It's a bit annoying that you have to enter the 6 digit code on each wow client and have to wait a bit in between the generation of the 6 digit code, but its nothing compared to get your stuff deleted....

I hope you get your stuff back. I would love to kick the people who hack wow accounts in the nuts.

After reading a couple of these kind of threads, I got myself an authenticator. It's a bit annoying that you have to enter the 6 digit code on each wow client and have to wait a bit in between the generation of the 6 digit code, but its nothing compared to get your stuff deleted....

Indeed.

Stupidely, I was stubborn enough to not get an authenticator only after I had one of my accounts hacked. You know, "I never bought or sold gold, I do only WoW and a bit of web (not even mail) on that machine, nobody but me knows my password, blah blah ...", so I have nothing to fear.

I got everything restored within a couple of days. Blizzard seems to be very good at that.

The irony is that the authenticator is only available from the blizzard store. There doesn't seem to be any real life shop where they sell it. Meaning I'm forced to give out my credit card information in order to have better security.

Keeping my private info private & never buying something online with my plastic is my first line of defence against hackers though.

The irony is that the authenticator is only available from the blizzard store. There doesn't seem to be any real life shop where they sell it. Meaning I'm forced to give out my credit card information in order to have better security.

Keeping my private info private & never buying something online with my plastic is my first line of defence against hackers though.

iTunes has it available for free (iPhone or iTouch only), I placed it on the iTouch and it works great. It's available for a few other mobile devices HERE (http://mobile.blizzard.com/shared/blizzard_download.php?cont=401&id=2183&title=Battlenet-Mobile-Authenticator&country=us&lang=en) it's only .99 cents



(http://mobile.blizzard.com/shared/blizzard_download.php?cont=401&id=2183&title=Battlenet-Mobile-Authenticator&country=us&lang=en)

iTunes has it available for free (iPhone or iTouch only), I placed it on the iTouch and it works great. It's available for a few other mobile devices HERE (http://mobile.blizzard.com/shared/blizzard_download.php?cont=401&id=2183&title=Battlenet-Mobile-Authenticator&country=us&lang=en) it's only .99 cents

Thanks, but it seems my phone ain't supported. Figured as much as my phone is gonna be worth a lot of money in a few years, just like all antique. Besides answering an occasional call I never use it. I can even step on it when I'm drink. It never lets me down.

Must admit that the phone app is a very nice tool though.

Would prefer to just go to the store and buy it. Maybe in the future. Or i'll just have to use my plastic :/

It's not really that easy to have a keylogger end up on your machine. Either you are very unlucky or clicked something you shouldn't have.

A lot of people just willingly give up their password by signing up on a website/blog/forums. This trick has been around for over a decade. You sign up on their site using your usual email and password, and trust the site owner to not use it. Much more common than keyloggers.

It's not really that easy to have a keylogger end up on your machine. Either you are very unlucky or clicked something you shouldn't have.

A lot of people just willingly give up their password by signing up on a website/blog/forums. This trick has been around for over a decade. You sign up on their site using your usual email and password, and trust the site owner to not use it. Much more common than keyloggers.

Which is why you should have a trash password for forums, fan sites, etc and separate passwords for things you care about like banking, email, paypal, wow accounts, etc. This is basic internet security 101.

Thanks, but it seems my phone ain't supported. Figured as much as my phone is gonna be worth a lot of money in a few years, just like all antique. Besides answering an occasional call I never use it. I can even step on it when I'm drink. It never lets me down.

Must admit that the phone app is a very nice tool though.

Would prefer to just go to the store and buy it. Maybe in the future. Or i'll just have to use my plastic :/


You can go to places like Walmart or a Check Cashing Store and get a prepaid credit card and use that to purchase an authenticator if you don't want to use real plastic.

Or if you have Paypal, you can use your credit card through them, and not have the number revealed to the store you are sending your payment to.

As for email, gmail and paid yahooo mail both allow you to work on a secure connection, https, so your info will not be out in the open or in clear text. Gmail is nice in that you can switch to secure mode forever if you want. This coupled with an authenticator should do the trick, at least I hope. Using CC on sites is not a big deal, they are required to be on a secure encrypted connection with certificates to authenticate the connection.

Thanks, but it seems my phone ain't supported. Figured as much as my phone is gonna be worth a lot of money in a few years, just like all antique. Besides answering an occasional call I never use it. I can even step on it when I'm drink. It never lets me down.

Must admit that the phone app is a very nice tool though.

Would prefer to just go to the store and buy it. Maybe in the future. Or i'll just have to use my plastic :/

Pick up a prepaid Visa card to get around this. Or, open up a separate account that you use only for online purchases and only fund it for the amount you are going to use for that purchase at that time (this was recommended to me by Wells Fargo after someone stole my check card number).

Update......

As of this message, all but one toon has been restored. (this particular toon was on a different realm and had not been played in quite some time) All of the guild's bank items/gold/toons gear/toons gold/bank items, ect.... have been sent back to each via in-game e-mail.

It's difficult to actually determine if anything was left out, but I'd say that Blizzard has done a great job at fixing this issue and returning the items that were stolen.

Now............ to try and figure out what actually caused this in the first place.

I do know that I do not frequent ANY sites that could have captured any info that may have compromised my WoW account. As mentioned in my initial post... I am a strong advocate of security software and keeping current A/V software up to date as well as firewall software on my system. That's what makes this difficult to solve. Some have said my e-mail account had been compromised, others believe there may have been a keylogger installed on my system, none of which I want to believe, but one thing is for sure, my WoW account was hacked.

I don't have the answers yet, but I'm going to dig into it as far as I can to try figure what went wrong. If I do find what exactly happened or probably happened I'll post it back here.

Thanks to all who responded/contributed to this thread, hopefully it'll not happen to anyone else.



Best regards

Ñightsham (http://www.dual-boxing.com/member.php?u=27809)

Update......

As of this message, all but one toon has been restored. (this particular toon was on a different realm and had not been played in quite some time) All of the guild's bank items/gold/toons gear/toons gold/bank items, ect.... have been sent back to each via in-game e-mail.

It's difficult to actually determine if anything was left out, but I'd say that Blizzard has done a great job at fixing this issue and returning the items that were stolen.

Now............ to try and figure out what actually caused this in the first place.

I do know that I do not frequent ANY sites that could have captured any info that may have compromised my WoW account. As mentioned in my initial post... I am a strong advocate of security software and keeping current A/V software up to date as well as firewall software on my system. That's what makes this difficult to solve. Some have said my e-mail account had been compromised, others believe there may have been a keylogger installed on my system, none of which I want to believe, but one thing is for sure, my WoW account was hacked.

I don't have the answers yet, but I'm going to dig into it as far as I can to try figure what went wrong. If I do find what exactly happened or probably happened I'll post it back here.

Thanks to all who responded/contributed to this thread, hopefully it'll not happen to anyone else.



Best regards

Ñightsham (http://www.dual-boxing.com/member.php?u=27809)

One tip: the GMs on the WoW customer service forums have mentioned several times they are on the lookout for a keylogger that only runs when the WoW Loader.exe is running, and it's a nasty one. Start up Loader, and run your scans. They are asking for people to let them know when they find it.

You could have also gotten on via Flash or another vulnerability. They are *everywhere* these days, and not just for WoW, they're out there for other games, and more seriously, for bank accounts and PayPal accounts.

You mentioned something in your original post about Battlenet - I hope you don't think it's the cause. Battlenet is not causing people to be hacked, but the douchebags ARE using it to lock down accounts when they steal them. But, there is not one reported case of an exploit happening because of Battlenet. BNet may in fact be a huge boon to players, because it's almost impossible to have an account detached, unless you can prove you own the account.

The Authenticator is THE number one solution to the problem, if you don't use it, you're just playing with fire. If you can't afford it, put it at the top of your xmas list.

I use a Mac, and I still use an Authenticator, the iPhone version. The Flash vulnerability showed that they can get to Macs, and it's only a matter of time before they figure it out and start stealing more Mac based accounts. There's too much money involved to ignore all the Macs. I suspect they've been trying things in the ads served to the forum over at WoW, because every week or so, going there will crash my Mac (running Firefox) when it tries to load the ads. It will clear up eventually after a day or so. I *never* crash in Firefox, and I go to a lot of sites daily, even more weekly. The Wow forums are the only place I have *ever* had Firefox crash. (Safari crashes, but it's a POS browser)

......... I hope you don't think it's the cause. Battlenet is not causing people to be hacked, but the douchebags ARE using it to lock down accounts when they steal them. But, there is not one reported case of an exploit happening because of Battlenet. BNet may in fact be a huge boon to players, because it's almost impossible to have an account detached, unless you can prove you own the account.
What I meant by that statement was the fact that I had to merge all the accounts into one. (yeah, I could have kept them all under seperate logins, but having five more email adresses would have been a pain IMO) Just makes it a single point of vulnerability for all my accts is what I was getting at.


The Authenticator is THE number one solution to the problem, if you don't use it, you're just playing with fire. If you can't afford it, put it at the top of your xmas list.
Agreed....$20 is cheap insurance for time/money invested in playing this game.


I use a Mac, and I still use an Authenticator, the iPhone version. The Flash vulnerability showed that they can get to Macs, and it's only a matter of time before they figure it out and start stealing more Mac based accounts. There's too much money involved to ignore all the Macs. I suspect they've been trying things in the ads served to the forum over at WoW, because every week or so, going there will crash my Mac (running Firefox) when it tries to load the ads. It will clear up eventually after a day or so. I *never* crash in Firefox, and I go to a lot of sites daily, even more weekly. The Wow forums are the only place I have *ever* had Firefox crash. (Safari crashes, but it's a POS browser)

When on the road traveling (as I am atm) I use my MacBook Pro to play and also use FF/TB for surfing and mail. No issues on this OS thus far, but like you said, it's coming.
BTW what A/V do you use on you MAC (McAfee?)

Call blizzard and prove the secret question they ask. They change the email and send you a new password.

I'm very pro-active on security and as an ironic twist to this I had recently reported 2 different in-game messages sent to me about "so-called" get your xmas free mount or whatever, that I had sent those sites to blizzard reporting the offending website. The thing is, I didn't access that site on my WoW computer (I only play/MB from 1 computer) I accessed it from a seperate computer and the only commonality is that they are on the same LAN.

I agree with you totally, keylogger or a middleman, though the latter seems remote. I'll do a full scan again when I can, in the meantime I'll play from the Macbook :)

You actually went to the link they sent you. THAT is why you got hacked, because you went to it on any computer at all.

NEVER go to any link from any scam message, EVER. It's just not worth it even to see what it looks like.

Anyone knows if battle net uses any effective anti brute force techniques?

As for email, gmail and paid yahooo mail both allow you to work on a secure connection, https, so your info will not be out in the open or in clear text. Gmail is nice in that you can switch to secure mode forever if you want. This coupled with an authenticator should do the trick, at least I hope. Using CC on sites is not a big deal, they are required to be on a secure encrypted connection with certificates to authenticate the connection.

Thanks for this tip! I never realized my gmail was not in https 100% of the time...now it is. But still, I sleep easy knowing my wow accounts are all protected by an authenticator. Got hacked once, WAY back and as soon as the authenticators were available to Canada I got one.

My story...if interested. I'd recently changed emails and had gone through the process of updating my various accounts and stuff to my new email. I was on a WOW break so I never actually changed my WOW email. Somehow somebody got my password/login, and since I'd been doing so many email changes, when my old email showed up with a "change wow account email address" message, I just clicked the link to confirm it without realizing it was setting it to somebody else's email. That's the last I heard of it.

About 10 months later, I go to login to wow to reactivate my account, lo and behold the password doesn't work. So I request a reset...then I notice it's sending it to a different email address because it ASKS for your email and account name, and it said it couldn't find my account/email combination.

Telephone call to blizzard yields that the account was jacked 10 months back, and swiftly got banned for economy exploitation. They restored it, reset the email and password for me, and told me to submit an in-game ticket for any missing gold/items.

Well I did, because my entire bank of 18-slotters worth of 40-man raid epics and 25-man BC raid epics was gone, all my gear was disenchanted (toon was an enchanter), tons of extra L1 toons everywhere, etc etc. I compiled a VERY long list of missing gold/items, in-game ticket length is limited so I just submitted a ticket asking for an email address I can submit my long list to.

They give me an email and a reference number or something...yes the email is at blizzard.com, and yes the reply came from a Game Master in-game so I send off the email.

Two weeks later I get a reply email, "Sorry, since your loss occurred so long in the past we are unable to verify your loss of items and/or gold. We cannot provide a restoration at this time..."

So I had two naked & broke L70's, stranded on a server (my guild had disbanded and the few RL friends still playing played elsewhere), plus a slew of other naked/broke toons at various levels. Not wanting to buy gold or beg for handouts from strangers, I just started fresh on Shadowsong Horde where a friend played (was alliance-nathrezim previously).

When faction transfers came live, I transferred over one of the 70's, geared her up in BOE's, leveled her, and she's now my main raiding toon :)

You actually went to the link they sent you. THAT is why you got hacked, because you went to it on any computer at all.

NEVER go to any link from any scam message, EVER. It's just not worth it even to see what it looks like.

I do routine testting of Anivirus & Firewall software, thus the reason why I went there.
Beta testing VIPRE Premium now.

Call blizzard and prove the secret question they ask. They change the email and send you a new password.

It's funny, that they sent me 6 password changes for the combined account. One would think that the single email address would suffice for a password reset. (since they're all combined now)