Lessons learned today: Buy authenticator
camorra
06-04-2010, 04:31 PM
Long story short:
I came home from work and after dinner I wanted to log in for a daily. The game told me that my password was wrong and after a few tries I checked the email address I use for my accounts. Ooops, one of my toons is banned for "online trading". I never did anything like that but it was the account my auction house chars were on (roughly 300k cash + a few items) so I thought Blizzard suspected that the money came from illegal sources. I tried to call them but in Europe the phone support seems to be out of order at the moment. Filled in some web page with my complaint and went to watch a movie.
Later tonight I thought that even if one account is banned I can still do my daily on the other accounts. I logged in to find that 2 other chars were robbed basically of everything that is sellable including an empty guild bank.
I contacted a GM and must say that I was very pleased: I was contacted within 5 minutes. He heard my story and understood that I am multiboxing. He promised me that my stuff on all my chars will be back within a day. I just hope he'll be right when I log in tomorrow.
First thing I did after logging out was to order 2 authenticators. Until today I never thought that this could happen to me...
Multibox safe - use strong passwords and an authenticator and don't click on every website you come across.
camorra
Bollwerk
06-04-2010, 04:35 PM
I'm amazed there are still people who play without authenticators.
Drommon
06-04-2010, 04:45 PM
/Facepalm
Shodokan
06-04-2010, 05:06 PM
I'm amazed there are still people who play without authenticators.
I don't frequent porn sites or any non-safe site.
My "visit" list includes
here
d2jsp
wow forums
shoryuken
deviantart
warcraftmovies
elitist jerks
arenajunkies
mmo-champion
wowhead
my school's e-mail
hotmail and never get spam there.
I don't think I need an authenticator. I will eventually get one though. My password includes letters, numbers, ascii characters and is the max character length. It would take most brute-force years to get in.
Littleburst
06-04-2010, 05:26 PM
I don't got an authenticator and it's been proven several times that people with authenticators get hacked just as hard. There are just fewer people with them than without, so it's a smaller percentage.
Personally I don't think you can do anything against it, but you can do stupid things to make the odds you get hacked bigger.
Even Blizz posted somewhere on the wowforums that it's not hackerproof.
kadaan
06-04-2010, 05:48 PM
I don't got an authenticator and it's been proven several times that people with authenticators get hacked just as hard.
Source?
Yes, it's not 100% hackerproof, but it's a LOT harder to steal an account with an authenticator than one without.
Souca
06-04-2010, 05:53 PM
I don't think I need an authenticator. I will eventually get one though. My password includes letters, numbers, ascii characters and is the max character length. It would take most brute-force years to get in.
Or just one second with a trojan or man in the middle attack. Do you know if your network connection is secure? You sure everyone at your ISP is legit and there isn't a temp willing to make a change to a router to get passwords as they stream by?
Just saying, it isn't just being careful that is enough.
- Souca -
Ualaa
06-04-2010, 05:59 PM
I've seen posts where the authenticator code is essentially stolen as you use it to log in.
You don't actually log in, but then they have a valid code for 30 seconds or so.
Still, a hack/virus/whatever that steals your code in real time, screws over an authenticator or no authenticator.
A more simple key logger, only screws over the no authenticator.
Although I agree, not clicking the suspicious links or visiting warez, hackz, porn, etc, will prevent the hacks too.
It helps to have your B.Net email not used for anything else, anywhere.
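The distinction drawn in the post above (a code recorded by a keylogger versus one forwarded in real time), as an added example that is not part of the thread or of Blizzard's code. It assumes a standard RFC 6238 time-based code as a stand-in for the authenticator's own algorithm, which the thread does not describe; `LoginServer`, the password and the secret are hypothetical, constructed values.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code window ("30 seconds or so" in the post above)

def totp(secret: bytes, now: float, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1) for the window containing `now`."""
    mac = hmac.new(secret, struct.pack(">Q", int(now // STEP)), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class LoginServer:
    """Hypothetical login check: password, plus a one-time code if enrolled."""
    def __init__(self, password, secret=None):
        self.password, self.secret = password, secret
        self.last_window = -1  # newest window in which a code was accepted

    def login(self, password: str, code: str, now: float) -> bool:
        if not hmac.compare_digest(password, self.password):
            return False
        if self.secret is None:
            return True  # password-only account
        window = int(now // STEP)
        if window <= self.last_window:
            return False  # a code from this window was already used
        if not hmac.compare_digest(code, totp(self.secret, now)):
            return False  # code belongs to another window
        self.last_window = window
        return True

def replay_scenarios() -> dict:
    secret, pw = b"constructed-demo-secret", "hunter2!"  # constructed values
    t0 = 1_275_700_000  # constructed login time
    code = totp(secret, t0)  # pw + code are what a keylogger would record
    plain, guarded, relayed = LoginServer(pw), LoginServer(pw, secret), LoginServer(pw, secret)
    return {
        "password_only_next_day": plain.login(pw, "", t0 + 86400),
        "owner_login": guarded.login(pw, code, t0),
        "logged_code_same_window": guarded.login(pw, code, t0 + 5),
        "logged_code_next_day": guarded.login(pw, code, t0 + 86400),
        # code forwarded live, before the owner's own login reaches the server
        "relayed_in_real_time": relayed.login(pw, code, t0 + 5),
    }

if __name__ == "__main__":
    for name, accepted in replay_scenarios().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Only the password-only account and the live-relay case are accepted after the fact; a recorded code is rejected both inside its window (already used) and after it (expired).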
Powerwar
06-04-2010, 07:30 PM
I don't frequent porn sites or any non-safe site.
As a porn site webmaster I feel a bit offended by that, but I see your point.
Just in case someone here tries to freeload on porn sites, if you go to password trading sites or search around for pay sites passwords for free you are very likely to get a free virus/trojan/spyware/malware/alien too. This is how paysite passwords trading sites make money since lots of years ago, just now they push bad things even more. Unfortunately some old time clean sites are also moving to pushing viruses and trojans because the bad guys pay more money than legitimate sponsors.
In short... if you want to surf porn safely, either pay for it as you pay for other services or go to the well known big tubes that are usually clean sites... and use an antivirus.
heyaz
06-04-2010, 08:15 PM
I'm amazed there are still people who play without authenticators.
some of us don't want that hassle for a technology that is still defeated by keyloggers
Kalros
06-04-2010, 09:00 PM
Well, I was in the "I don't need an Authenticator" crowd until about 2 months ago. I have always been a security freak. Anti-virus, Anti-spyware, always only use Firefox and always keep it up to date, no suspicious websites, and I NEVER gave out my email address.
Yet after all this, I STILL had one of my accounts compromised. And this has been happening to a lot of my friends lately as well. No unsafe practices and you still get hacked.
I have no idea how the hell they do it, but they do. I now have an authenticator tied to all 5 accounts, and though it takes a couple of extra minutes to log in, I feel so much safer with it now.
MiRai
06-04-2010, 11:34 PM
I don't got an authenticator and it's been proven several times that people with authenticators get hacked just as hard. There are just fewer people with them than without, so it's a smaller percentage.
As posted earlier in this thread...please back this statement up with some real proof please.
some of us don't want that hassle for a technology that is still defeated by keyloggers
It is called a Man in the Middle Attack (http://en.wikipedia.org/wiki/Man-in-the-middle_attack). It's not some simple keylogger. If you would've had an authenticator on your accounts you may have not been hacked in the first place.
ElectronDF
06-05-2010, 12:32 AM
I was against an authenticator for quite a while. But now I am for it. Almost to the point, where I want to blame the people getting hacked if you don't have one. People are telling you they get hacked. People aren't complaining, "I have an authenticator and I got hacked." It has only been the people without them. I don't care about .0001% of the people that can still get hacked with an authenticator. You can't stop everything, but how much time and effort did you put into keeping your stuff? Again, how much time and effort did you put into keeping your stuff? If you put in 3% by not going to a bad website, fine. But don't complain when an ad on that good website gives you a keylogger and you get hacked.
I really don't feel bad for the people that heard so many people get hacked, that then say, "I don't need an authenticator" and then get hacked themselves. It sucks that the OP got hacked and that isn't fair, but everyone else has fair warning, get an authenticator even if you are a safe person.
I don't need anti-virus, I use magic-safe-browser.
I don't need an airbag or seatbelt, I drive safe. What about the other idiots that don't.
I don't need to stop smoking or excessive drinking. There isn't 100% proof they are bad. Keep saying that to the people that do die from it.
I don't need to use a condom. I can time when to be careful. Say that to all the surprise babies or diseases.
People are telling you over and over you need more than just being careful. If you don't listen. Don't expect any surprise on our part if you get hacked.
zenga
06-05-2010, 12:44 AM
It's a contradiction in terminis when people that use Windows as their operating system talk about taking security measures. Moving away from Windows is the best security upgrade you can make.
I don't frequent porn sites or any non-safe site.
My "visit" list includes
...
wow forums
shoryuken
deviantart
warcraftmovies
elitist jerks
arenajunkies
mmo-champion
...
I don't think I need an authenticator. I will eventually get one though. My password includes letters, numbers, ascii characters and is the max character length. It would take most brute-force years to get in.
MMO champ got hacked (http://www.mmo-champion.com/news-2/oh-god-mmo-champion-got-hacked/) just a couple of weeks ago. Basically a virus searches for FTP logins on one's computer, then edits web files on the ftp server with javascript, and whenever that file (ie. website) is being accessed, the javascript tries to run an applet that installs the virus on the machine of the visitor. And besides reproducing itself such a virus could install other nasty stuff as well.
Same story with the flash exploit where 'legit' sites that run flash based ads have infected users beyond their knowledge.
My point being: trusting the website owners might give you a false 'I'm safe' feeling. There are other things you can do on your side to minimize troubles (disable java applets, flash, ...)
Souca
06-05-2010, 01:43 AM
Another thing to keep in mind, while they can log in with your auth code if they do a man in the middle attack, they can NOT remove your auth without having physical access to it to read the serial number printed on the back of it. While they do get one log in with this method, once you request the password be reset (even if they have changed it), they no longer have access until they steal your code in real-time again.
This pattern will set off alarms very quickly and the account will get locked. It's all a matter of degrees of safety. Without an auth, they will get your account, put an auth on it, and then YOU MUST PROVE IT IS YOUR ACCOUNT while they ransack it. With an auth, they merely get your login session, not your account. When you call in, if you can give the phone techs an authenticator code, things go much quicker.
In summary, having an auth makes the hacker's job so much harder and your job of recovery that much easier. Add up the time you will spend getting everything back after a hack and divide it by 10 seconds; that's how many logins you have to make between hacks for it to be quicker to not have an auth in the long run. It took about a week to get everything back on my one hacked account, and that was fast.
Go here (http://us.blizzard.com/store/details.xml?id=1100000822) and save yourself a week or more.
- Souca -
Acidburning
06-05-2010, 02:07 AM
I don't got an authenticator and it's been proven several times that people with authenticators get hacked just as hard. There are just fewer people with them than without, so it's a smaller percentage.
Personally I don't think you can do anything against it, but you can do stupid things to make the odds you get hacked bigger.
Even Blizz posted somewhere on the wowforums that it's not hackerproof.
IIRC, it's not 100% safe if you have a jailbroken iPhone and using the authenticator. So, if you have jailbroken your phone, just order a reg authenticator.
Wasn't there a Trojan/ virus on some NFL playoff website that targeted WOW accounts a few years back, similar to the MMO-champs thing?
jinkobi
06-05-2010, 08:59 AM
There's no reason not to have an authenticator. I bet they even throw them in with the new expansion for free in the box. Would be a smart thing for Blizz to do imho.
But for right now they're like 7$ US with free shipping and you get a free pet to boot if you care about that sort of thing. A small fee to protect your 100$'s invested and 100's of hours of time. Might take an extra minute to login but it takes a hell of a lot more time to recover a stolen account.
If you open yourself to a man in the middle attack in the first place. That person is probably not computer savvy in the least and would end up hacked no matter what. Despite claims that these man in the middle attacks are going on I have yet to see one post on the Blizz Forums backing this up. Every post on the Blizz/Customer service forums of a person being hacked none had an authenticator.
I mean I've scoured the Blizz forums over with searches and see not one claim of being hacked WITH an authenticator attached.
MiRai
06-05-2010, 11:15 AM
Despite claims that these man in the middle attacks are going on I have yet to see one post on the Blizz Forums backing this up. Every post on the Blizz/Customer service forums of a person being hacked none had an authenticator.
I mean I've scoured the Blizz forums over with searches and see not one claim of being hacked WITH an authenticator attached.
http://forums.wow-europe.com/thread.html?topicId=12730404058
heyaz
06-05-2010, 11:37 AM
It is called a Man in the Middle Attack (http://en.wikipedia.org/wiki/Man-in-the-middle_attack). It's not some simple keylogger.
Thanks for the clarification, and the link too
Souca
06-05-2010, 11:50 AM
http://forums.wow-europe.com/thread.html?topicId=12730404058
Thanks for the link. I'm kind of sad that one of the methods I mentioned got used. I still say the authenticator is worth having. You'll notice the OP spent a lot less time re-securing their account, so clearly they still saw a benefit in having one. Had they not had an authenticator, they'd have wasted a couple of days on the phone trying to prove to Blizzard they were the account owner. Some people do get VD from toilet seats, but I still think more people get it by not wearing a condom when they should.
- Souca -
jinkobi
06-05-2010, 12:25 PM
Thanks for the link! Much appreciated. Explains why I couldn't find it- I was looking on the US forums :) Always forget EU has much better info generally.
After reading the thread- it really seems to me the person who got hacked downloaded the actual file to their own PC. Being very careless.
Littleburst
06-05-2010, 12:52 PM
The link I meant was a post BY a Blizzard poster warning that you can even get hacked with an authenticator.
I read forums quite often and I'm sure there has been a boxer here whose job it was to protect company's networks against trojans etc. Guess what?
He got hacked.
The point I'm trying to make is, that it seems there just isn't anything you can do against it. Only increase the odds you get hacked. If you got an authenticator and you get hacked while you're online yourself, or shortly after, then it's useful to be able to lock the account up. Totally agree. But if you're not and once you notice you're hacked, you're already bankrupt, then what does it add?
I happily save me the time & money. + I'm somewhat lazy ;)
Svpernova09
06-05-2010, 02:25 PM
Another thread where people argue about authenticators
DENIED
Too many threads about this already.
Sorry you got hacked, glad you got an authenticator.