[WoW] Hacked account, how did they do it?



deadguyfred
08-13-2010, 10:44 PM
I logged into my Pally/DK team this morning, and much to my dismay they were all stripped, and all the rest of my toons were stripped as well. I immediately logged my wife's laptop into battle.net and changed the account password, and notified blizzard via email. I then logged into my email account for my battlenet account, and had 7 emails from blizz, first 3 were password change notices, all within 10 minutes, then an "Account locked due to suspicious activity" email from bliz, followed by 3 more password change notices over a 15 min period, followed by another "Account locked due to suspicious activity" email from blizz, and I was able to log in w/ my reg password somehow??? I'm a bit confused as to the hacker's methodology, and more confused that I was able to log in w/ my original password. Anyone have insight on how / why they were changing my password so often???


Deadguy

Zub
08-13-2010, 10:58 PM
I'd assume the workflow the hackers use is all scripted, and might have bugged or something

EaTCarbS
08-14-2010, 09:27 AM
Authenticator.

Maxion
08-14-2010, 02:58 PM
Authenticator.

Get one.

deadguyfred
08-14-2010, 10:12 PM
Get one.


Authenticator question... W/ 5 accounts, how fast can I log in? a new code is generated w/ the push of the button? or is there a "cooldown" on how fast codes are generated?

Tehmuffinman
08-14-2010, 10:33 PM
Authenticator question... W/ 5 accounts, how fast can I log in? a new code is generated w/ the push of the button? or is there a "cooldown" on how fast codes are generated?

I have my 5 accounts across 5 separate battle.net accounts. The same authenticator can be linked to all 5, and then I can broadcast the same single code to all 5 when logging in.

If you have 5 accounts on 1 battle.net account, then you have to wait for a new code to generate every 30 seconds for each account.

Korruptor
08-14-2010, 10:35 PM
Authenticator question... W/ 5 accounts, how fast can I log in? a new code is generated w/ the push of the button? or is there a "cooldown" on how fast codes are generated?

I use the application authenticator and the codes refresh in about 30 seconds so it takes between 2-3 minutes to log five accounts in but there is no real alternative in my opinion.

Sajuuk
08-14-2010, 10:36 PM
Authenticator question... W/ 5 accounts, how fast can I log in? a new code is generated w/ the push of the button? or is there a "cooldown" on how fast codes are generated?

If all toons are on one BattleNet account, log ins are slow, requiring a new code per account. However accounts can be split up for instant login without cooldown.


As multiboxers there is little excuse to not protect your investment through a six dollar authenticator.

Korruptor
08-14-2010, 10:39 PM
I have my 5 accounts across 5 separate battle.net accounts. The same authenticator can be linked to all 5, and then I can broadcast the same single code to all 5 when logging in.

The only reason I wouldn't do it this way myself is that if you don't log in with all your accounts every time you type in your authenticator code you leave the idle account(s) open to attack.

Tiburon502
08-14-2010, 10:51 PM
Those emails, if you click the link, is how they get your info. Those aren't real blizz emails.

alcattle
08-15-2010, 02:16 AM
The only reason I wouldn't do it this way myself is that if you don't log in with all your accounts every time you type in your authenticator code you leave the idle account(s) open to attack.
Once you put the authenticator on each account, it cannot be logged into without one. There is no "idle" risk.

Targ
08-15-2010, 08:48 AM
Once you put the authenticator on each account, it cannot be logged into without one. There is no "idle" risk.

If you log on to 2 of your 5 accounts, and the hacker is key logging you.
The hacker can log on to the remaining 3 "idle" accounts using the just typed authenticator code.

There is a risk, pretty small risk IMO but a risk.
The hacker has to know you're a multiboxer and the relationship of the accounts.
I doubt Multiboxers are a large enough population for hackers to target.

jinkobi
08-15-2010, 08:53 AM
The only reason I wouldn't do it this way myself is that if you don't log in with all your accounts every time you type in your authenticator code you leave the idle account(s) open to attack.

Why wouldn't you log into your account once you typed in the authenticator code immediately?

Authenticators are a layer of protection and we've hashed it out on these boards time and time again. You're safer with an authenticator than without one.

There's been like 1-2 claims ever of someone being hacked with an authenticator on their account. Those claims weren't even verified to be real or if that's how they were hacked. There seems to be an anti-authenticator army that goes around and spreads lots of nonsense.

Bottom line buy an authenticator and be safe or run without one and take your chances.

Maxion
08-15-2010, 06:15 PM
If you have your accounts on multiple battle net account you can log them all in with one authenticator code, no problem.

If you have all your accounts on the same battle net account you will need a new code to log each account in (takes 30 seconds between each one, goes by faster than you may think).
As long as you hit enter after typing it in and log in with it, even a keylogger (except the infamous man in the middle attack) would not be able to use the code to log in anywhere else (unless your accounts were on different battle net accounts). But if you have a keylogger on your computer you should not keep logging in anyway.
When you are logging each account in, stop each one at the character selection screen until all are at it if you are worried about getting attacked in pvp when you log in, then when everyone is at the char select screen, broadcast hitting enter to all log fully into the game at the same time.
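Added example, not part of any post in this thread and not Blizzard's code: a small model of the behaviour described above, assuming a standard RFC 6238 time-based code (the thread does not say which algorithm the authenticator uses) and a hypothetical `Verifier` login server. It shows why a used code is dead on the account it was used on but still live on other accounts sharing the authenticator when replay is tracked per account, and how tracking per authenticator closes that window.

```python
import hashlib, hmac, struct

STEP = 30  # seconds per code, as described in the thread

def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 code for the time step containing `now` (HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", now // STEP), hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

class Verifier:
    """Hypothetical login server; replay_scope is 'account' or 'authenticator'."""
    def __init__(self, replay_scope="account"):
        self.replay_scope = replay_scope
        self.linked = {}     # account -> (authenticator id, secret)
        self.last_step = {}  # scope key -> last time step accepted

    def link(self, account, auth_id, secret):
        self.linked[account] = (auth_id, secret)

    def login(self, account, code, now):
        auth_id, secret = self.linked[account]
        key = account if self.replay_scope == "account" else auth_id
        if not hmac.compare_digest(code, totp(secret, now)):
            return False
        if self.last_step.get(key, -1) >= now // STEP:
            return False  # this step's code was already used in this scope
        self.last_step[key] = now // STEP
        return True

def demo(scope):
    """One authenticator linked to two accounts; returns four login results."""
    v, secret = Verifier(scope), b"constructed-demo-secret"
    for acct in ("acct1", "acct2"):
        v.link(acct, "auth-A", secret)
    now = 1_281_800_000  # constructed timestamp
    code = totp(secret, now)
    return (v.login("acct1", code, now),      # first use of the code
            v.login("acct1", code, now + 5),  # replay on the same account
            v.login("acct2", code, now + 5),  # same code on the other account
            v.login("acct2", totp(secret, now + STEP), now + STEP))  # next code

if __name__ == "__main__":
    print("per-account replay tracking:      ", demo("account"))
    print("per-authenticator replay tracking:", demo("authenticator"))
```

The model has no clock-drift window; a server that also accepts the previous or next step keeps a typed code usable for correspondingly longer.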

Tutunkommon
08-17-2010, 12:10 PM
Authenticator saved my accounts from being hacked about 2 weeks ago. I had been hacked a couple years back, which prompted my buying the auth. in the first place.

Interestingly, my gmail account was hacked, and the hacker did a password reset, picked it up out of my mail, and tried to log in. The auth page stopped them, obviously. Google reported that my gmail account had been accessed from China, New York, and Alabama all within a 12 hour period.

Now I use KeePass as an extra layer of protection for all my non-wow accounts. The authenticator still works to protect that. I wish I could get an authenticator that I could bind to other things like my bank, email, etc.

With the authenticator now available as a free app for iPhone, et al. there is no real justifiable reason to not have one, IMHO.

--Tutunkommon


*Note: Why is there no "preview post" button on the quick reply?

outdrsyguy1
08-17-2010, 12:25 PM
I just started getting a ton of VERY GOOD phishing emails over the past couple weeks. These are getting GOOD. I honestly can't tell if some are real or not other than I login directly to battle.net or my wow account and don't see anything out of whack. I get notices of server transfers in progress, faction transfers, account password changes, and other mysterious activity. I DO have an authenticator and I suspect they just picked up my email somehow. I doubt I have a keylogger because I do have one account I use that doesn't have an authenticator and it has not been hacked yet.

crowdx
08-17-2010, 12:31 PM
I think one thing that helps with Phishing emails is to setup a brand new email account that is only used for WoW, never use it for anything else. You will notice that all the phishing emails will go to the old WoW email but not the new one.
I did this following being hacked (believe it was a trojan but no virus scanner caught it) and I never get email on the WoW account, TONS on the old account masquerading as Blizz.

ElectronDF
08-17-2010, 02:18 PM
I just started getting a ton of VERY GOOD phishing emails over the past couple weeks. These are getting GOOD. I honestly can't tell if some are real or not other than I login directly to battle.net or my wow account and don't see anything out of whack. I get notices of server transfers in progress, faction transfers, account password changes, and other mysterious activity. I DO have an authenticator and I suspect they just picked up my email somehow. I doubt I have a keylogger because I do have one account I use that doesn't have an authenticator and it has not been hacked yet.

Not sure what email program you use, but I use Outlook Express. In "Edit", there is an option (yeah, like 3 other ways to get to it) to see "View Source". It lets you see 100% of the email, not just the pretty stuff. Guess what shows up as the origination of fake emails, the domain of the person starting it. Always overseas. If you EVER get an email from Blizzard view source it. It only takes like 10 secs. Also, like others have said:

DON'T click links in emails, ever. EVER. Just go to the place they tell you to go. Type in blizzard.net, type in ebay.com, etc.

DON'T use a normal email for WOW or SC2. It isn't worth it. Just get a new email address from the same place. Think of it like a business, would you put your business funds in your personal bank account? Then get a different one to keep it in.

GET an authenticator. You might not like it, but until you show numbers of people getting hacked with an authenticator, it is doing way more than you people without one were doing before. Think of it like this, how bad do you want your stuff. If you leave your stuff unlocked, you must not want it really bad. Don't get mad at people that wanted your stuff more than you tried to stop them. Try to stop them harder.

Khatovar
08-18-2010, 02:53 AM
To view headers in Gmail, there's a little arrow directly to the right of the Reply icon at the top of the message. For Yahoo, it's under Actions

http://img197.imageshack.us/img197/156/gmailz.th.jpg (http://img197.imageshack.us/i/gmailz.jpg/) http://img204.imageshack.us/img204/1641/yahooy.th.jpg (http://img204.imageshack.us/i/yahooy.jpg/)


These are the headers of a FAKE email -


Delivered-To: REMOVED
Received: by IP REMOVED with SMTP id f62cs270219wec;
    Tue, 17 Aug 2010 14:54:02 -0700 (PDT)
Received: by IP REMOVED with SMTP id k13mr6478922ebd.77.1282082042224;
    Tue, 17 Aug 2010 14:54:02 -0700 (PDT)
Return-Path: <USERIDREMOVED@hotmail.com>
Received: from blu0-omc4-s23.blu0.hotmail.com (blu0-omc4-s23.blu0.hotmail.com [65.55.111.162])
    by mx.google.com with ESMTP id q12si19534313eeh.65.2010.08.17.14.54.01;
    Tue, 17 Aug 2010 14:54:02 -0700 (PDT)
Received-SPF: pass (google.com: domain of USERIDREMOVED@hotmail.com designates 65.55.111.162 as permitted sender) client-ip=65.55.111.162;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of USERIDREMOVED@hotmail.com designates 65.55.111.162 as permitted sender) smtp.mail=USERIDREMOVED@hotmail.com
Received: from BLU0-SMTP68 ([65.55.111.137]) by blu0-omc4-s23.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
    Tue, 17 Aug 2010 14:53:25 -0700
X-Originating-IP: [222.69.163.23]
X-Originating-Email: [USERIDREMOVED@hotmail.com]
Message-ID: <BLU0-SMTP6874809CB35A732CF51708EE9C0@phx.gbl>
Return-Path: USERIDREMOVED @hotmail.com
Received: from mq ([222.69.163.23]) by BLU0-SMTP68.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);
    Tue, 17 Aug 2010 14:53:21 -0700
Reply-To: <wowaccountadmin@blizzard.com>
From: "Blizzard Entertainment" <wowaccountadmin@blizzard.com>
To: REMOVED
Subject: Suspicious Activity - Illegal IP Warning
Date: Tue, 17 Aug 2010 15:32:40 +0800
MIME-Version: 1.0
Content-Type: multipart/alternative;

This is a header from a REAL Blizzard email


Delivered-To: REMOVED
Received: by IP REMOVED with SMTP id b16cs934fap;
    Thu, 12 Aug 2010 22:37:57 -0700 (PDT)
Received: by IP REMOVED with SMTP id e20mr930194wfd.83.1281677876071;
    Thu, 12 Aug 2010 22:37:56 -0700 (PDT)
Return-Path: <donotreply@blizzard.com>
Received: from mx1.blizzard.com (mx1.blizzard.com [12.130.201.11])
    by mx.google.com with ESMTP id l15si5191818wfe.92.2010.08.12.22.37.55;
    Thu, 12 Aug 2010 22:37:56 -0700 (PDT)
Received-SPF: pass (google.com: domain of donotreply@blizzard.com designates 12.130.201.11 as permitted sender) client-ip=12.130.201.11;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of donotreply@blizzard.com designates 12.130.201.11 as permitted sender) smtp.mail=donotreply@blizzard.com
X-IronPort-AV: E=Sophos;i="4.55,361,1278313200";
    d="scan'208";a="52117341"
Received: from irvex202-nlb.corp.blizzard.net (HELO IRVEX202.corp.blizzard.net) ([10.130.14.22])
    by mx1.blizzard.com with ESMTP; 12 Aug 2010 22:37:55 -0700
Received: from IRVEX012.corp.blizzard.net (10.130.0.217) by
    IRVEX202.corp.blizzard.net (10.130.14.21) with Microsoft SMTP Server (TLS) id
    8.2.254.0; Thu, 12 Aug 2010 22:37:55 -0700
Received: from NAMX01.blizzard.com (192.168.69.10) by
    IRVEX012.corp.blizzard.net (10.130.0.217) with Microsoft SMTP Server id
    8.2.254.0; Thu, 12 Aug 2010 22:37:54 -0700
Received: from ob4.blizzard.com ([192.168.69.10]) by NAMX01.blizzard.com with
    Microsoft SMTPSVC(6.0.3790.3959); Thu, 12 Aug 2010 22:37:54 -0700
Received: from yourjvrgp4jtdb ([10.44.1.61]) by ob4.blizzard.com with
    Microsoft SMTPSVC(6.0.3790.3959); Thu, 12 Aug 2010 22:37:54 -0700
thread-index: Acs6qOCKOmlNHpkaQFSfJo3584BW5A==
Thread-Topic: Blizzard Entertainment Hacks/Piracy Report
From: <donotreply@blizzard.com>
To: REMOVED
CC:
BCC:
Subject: Blizzard Entertainment Hacks/Piracy Report
Date: Thu, 12 Aug 2010 22:32:10 -0700
Message-ID: <cd80a01cb3aa8$e08a0710$3d012c0a@yourjvrgp4jtdb>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
Return-Path: donotreply @blizzard.com
X-OriginalArrivalTime: 13 Aug 2010 05:37:54.0523 (UTC) FILETIME=[AD84B2B0:01CB3AA9]

You should see a valid Blizzard address in the Return-Path and Received: from should reflect Blizzard servers. Blizzard doesn't use freemail, they have enough money and tech to run their own mail servers.

You can also hover your mouse over the links in the email that you receive. While the link in the email may look like a Blizzard site, your browser's status bar will show you the REAL address it's sending you to. See here (http://www.dual-boxing.com/showpost.php?p=201609&postcount=5) and here (http://www.dual-boxing.com/showpost.php?p=270520&postcount=4). Better safe than sorry, always manually access your account by going to an official Blizzard site instead of following links in emails.

Scam emails can be forwarded with full headers to hacks@blizzard.com.
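Added example, not part of the post above: the Return-Path and "Received: from" checks it describes, automated over two constructed samples abridged from the quoted header dumps. `check_headers` and its helpers are hypothetical names; the point it makes explicit is that `spf=pass` in the fake only vouches for the hotmail.com envelope sender, not for the blizzard.com address shown in From.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples, abridged from the two header dumps quoted in the post.
FAKE = (
    "Return-Path: <USERIDREMOVED@hotmail.com>\n"
    "Received: from blu0-omc4-s23.blu0.hotmail.com (blu0-omc4-s23.blu0.hotmail.com [65.55.111.162])\n"
    "\tby mx.google.com with ESMTP; Tue, 17 Aug 2010 14:54:02 -0700 (PDT)\n"
    "Authentication-Results: mx.google.com; spf=pass smtp.mail=USERIDREMOVED@hotmail.com\n"
    'From: "Blizzard Entertainment" <wowaccountadmin@blizzard.com>\n'
)
REAL = (
    "Return-Path: <donotreply@blizzard.com>\n"
    "Received: from mx1.blizzard.com (mx1.blizzard.com [12.130.201.11])\n"
    "\tby mx.google.com with ESMTP; Thu, 12 Aug 2010 22:37:56 -0700 (PDT)\n"
    "Authentication-Results: mx.google.com; spf=pass smtp.mail=donotreply@blizzard.com\n"
    "From: <donotreply@blizzard.com>\n"
)

def domain_of(addr):
    """Lower-cased domain part of an address header value."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def within(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def check_headers(raw, expected="blizzard.com"):
    """List the reasons a message does not look like it came from `expected`."""
    msg, findings = message_from_string(raw), []
    from_dom = domain_of(msg.get("From", ""))
    rp_dom = domain_of(msg.get("Return-Path", ""))
    if not within(from_dom, expected):
        findings.append(f"From domain is {from_dom}")
    if not within(rp_dom, expected):
        findings.append(f"Return-Path domain is {rp_dom}")
    # SPF vouches for the envelope sender (smtp.mail), never for the From: line.
    spf = re.search(r"spf=pass.*?smtp\.mail=\S*?@([\w.-]+)",
                    msg.get("Authentication-Results", ""), re.S)
    if spf and not within(spf.group(1).lower(), from_dom):
        findings.append(f"SPF pass covers {spf.group(1)}, not {from_dom}")
    # Topmost hop naming a sender: take the name the receiver put in parentheses.
    hops = [m.group(1).lower() for h in msg.get_all("Received", [])
            if (m := re.search(r"from\s+\S+\s+\(([\w.-]+)\s+\[", h))]
    if hops and not within(hops[0], expected):
        findings.append(f"handed to the recipient's server by {hops[0]}")
    return findings
```

Received lines further down the chain are written by the sending side and can be forged, which is why only the topmost hop that names a sender is checked.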

alcattle
08-18-2010, 04:22 AM
Also Yahoo has it on the bottom of the message screen. Yahoo has let several of these into my account, but none of my WoW are linked to Yahoo. I tried to send one of the phishes to Blizzard and Yahoo refused the forward as its spam filter did not like it. Cool, one way filters......Wrong WAY ..... Yahoo=fail

Ualaa
08-18-2010, 02:13 PM
As others have said, get an Authenticator.

You can go with the Key Fob version, or an application on most Smart Phones.

Then the choice is one Battle.Net email with all accounts on the same email. This gets you easier account management (via drop down boxes to switch accounts) from a single log in, and a single authenticator code. It also means, you need to log your accounts in one-after-the-other with a separate authenticator code for each.

Alternatively, go with five Battle.Net accounts, with one Warcraft account per Battle Net. Then link the same authenticator to each Battle.Net/Warcraft account. This means you will need to log in five times, for account management changes, but that you can simultaneously log into Warcraft with all of your accounts at once, on a single Authenticator code.

I went with the second option, since I log into the game more often than change payment details on my accounts; I'd rather have the faster log in, than the faster game management.

Nisch
08-18-2010, 02:24 PM
I used to think the 30 seconds between logins was long, but considering all the time it took to get all my accounts and characters back from being taken over by hacking idiots, it's worth it.

Alemi
08-18-2010, 02:34 PM
I last played in December of last year, before RL decided to slam me down and punch me in the kidneys. All 5 of my accounts were reactivated and hacked in April. I hadn't been playing and the accounts were frozen. Someone paid subscription on all 5 to strip them. I did get an email from Blizzard notifying me of a password change to which I responded in early April and got the accounts at least secured. No idea how they got my password since I hadn't bothered to even access, or pay for the accounts in 4 months.

Now I'm trying to get shit restored and one of the accounts unlocked since I'm thinking about coming back.

Needless to say - I'm ordering an authenticator on Friday if all goes well with Blizzard. I would highly recommend it.