hey Littleburst (http://www.dual-boxing.com/member.php?u=7264) on sunday moring at 2:15 you was logging in and off to the game on a lot of your chars me and how tryed talking to you but you did not say anythink i feel so bad that it looks like from me you was hacked.

sorry hun :(

update on this howsteed opened a ticket and got a GM to stop the all your chars logging in you probey get a email so check it out.

Oh, that doesn't sound good.
Last week i moved his rank down to Box member luckily. (Not that there's anything exciting in the guildbank to take)

fuck :/

blegh, still got 90k+ on the chars. I'll go check it.

How the hell though. I haven't logged in in 3 months or so?

Did the shit needed to recover stuff, account is inactive for 3 hours by now. The only thing I can imagine that I fucked up was in mail.... I recieved a mail I needed in Junk, marked it as OK and then for some pro reason my Hotmail loaded the next mail in my Junk instead of sticking to the mail. Which was a Blizzspammail. Don't recall if I clicked on the link, but I'm affraid I did :/

Not sure what I'm gonna do now, don't really feel like reinstalling Windows. Running a bunch of virus scans first, see how that works.

fuck :/

blegh, still got 90k+ on the chars. I'll go check it.

How the hell though. I haven't logged in in 3 months or so?

Did the shit needed to recover stuff, account is inactive for 3 hours by now. The only thing I can imagine that I fucked up was in mail.... I recieved a mail I needed in Junk, marked it as OK and then for some pro reason my Hotmail loaded the next mail in my Junk instead of sticking to the mail. Which was a Blizzspammail. Don't recall if I clicked on the link, but I'm affraid I did :/

Not sure what I'm gonna do now, don't really feel like reinstalling Windows. Running a bunch of virus scans first, see how that works.

wow well the GM worked fast. To be fair i take it they would of had to put game time on the acconts?? 2nd thing to rember is that if you do not sort out the hacked itams they Could be lost forever? (thats a lot of gold)



http://www.justin.tv/howster/b/286397779

at 9:14m into the video you can see what the GM put to howsteed


To be fair if you had something keylogging (in windows) your acconts then you need to log in (your not playing wow so they did not get it that way) from what u said u got phasing email and u clicked the link and logged in....... (happons to us all when we not thinking)

Did you have an authenticator? Just wondering as I have heard a small amount of people get hacked even with one.

To be fair if you had something keylogging (in windows) your acconts then you need to log in (your not playing wow so they did not get it that way) from what u said u got phasing email and u clicked the link and logged in....... (happons to us all when we not thinking)

That's the fucked up part. I haven't logged in to wow in months. I clicked that fakeblizz mail on sat 21-5 and the day after they stripped my account. The only thing I did was log in to battle.net once. Like a week before I clicked that link.


Did you have an authenticator? Just wondering as I have heard a small amount of people get hacked even with one.

Nope, I'm a to lazy fuck for that still. Yeah, I know it's wrong etc.

Now i know it's so easy to get your items back, i don't see much need in the authenticator. It takes too much time to log in 5 clients anyway.
Or am i missing something?

Now i know it's so easy to get your items back, i don't see much need in the authenticator. It takes too much time to log in 5 clients anyway.
Or am i missing something?

2.5 mins versus 3 days to 1 month get your accounts back (and you aren't guaranteed to get everything back), which is longer? Getting an authenticator is an individual choice, but your argument about it being too much time to log in is just plain dumb.

As far as I know, no one on this site with a physical authenticator has been hacked. The dial-in authentication is easy to hack with a proxy. Give yourself peace of mind and save your guildies the hassle of bailing you out, -- get an authenticator (it's even free if you have a smart phone).

/end public service announcement

2.5 mins versus 3 days to 1 month get your accounts back (and you aren't guaranteed to get everything back), which is longer? Getting an authenticator is an individual choice, but your argument about it being too much time to log in is just plain dumb.

As far as I know, no one on this site with a physical authenticator has been hacked. The dial-in authentication is easy to hack with a proxy. Give yourself peace of mind and save your guildies the hassle of bailing you out, -- get an authenticator (it's even free if you have a smart phone).

/end public service announcement

Problem is I change characters a lot and prefer to keep as few clients running as possible to make it as fast as possible. So today, only checking chars not even playing I logged in about 20 times. Thank god I don't have an authenticator(yet).

2.5 mins versus 3 days to 1 month get your accounts back

Littleburst was back in the game the next day already, and got everything back. And i switch teams alot, at least 5 times in an evening. I actually have the authenticator laying next to my keyboard, unused.

Littleburst was back in the game the next day already, and got everything back.

This is only true because Ebony happened to be online and catch it (Cheers Ebony!). The GM also worked extremely fast. If Ebony hadn't caught it, how long do you think it would have taken Littleburst to get the accounts back? Littleburst was very lucky in this situation. It's great you guys have a guild that watches out for each other and can spot suspicious behavior.


And i switch teams alot, at least 5 times in an evening. I actually have the authenticator laying next to my keyboard, unused.

If you are using ISBoxer here's a tip: you don't need to log entirely out to switch teams. I believe there's a thread on it in the add-ons area. If you aren't using ISBoxer..well..have fun.

This is only true because Ebony happened to be online and catch it (Cheers Ebony!). The GM also worked extremely fast. If Ebony hadn't caught it, how long do you think it would have taken Littleburst to get the accounts back? Littleburst was very lucky in this situation. It's great you guys have a guild that watches out for each other and can spot suspicious behavior.

VERY true :D

Today I got everything back, 2 accounts were still empty out of the 5. 1 ticket to a GM and it got fixed.




If you are using ISBoxer here's a tip: you don't need to log entirely out to switch teams. I believe there's a thread on it in the add-ons area. If you aren't using ISBoxer..well..have fun.

I need to get a new IS subscription first ;)

The main reason for me though, is that I highly doubt it would have mattered.

Only a small percentage of the gamers have an authenticator.
A small percentage of the gamers with an authenticator still get hacked.
I know very little about how it all works, but I have massive doubts that your as safe as it's claimed with an authenticator. It's what feels right in the end and that's an endless discussion :) Fact is that authenticators probably block some hacks, safe blizz time, which shortens the waiting time to get your stuff recovered.

Yeah authenticators are a pain in the ass.. I have 3 of them for my 3 battle nets.. but wouldn't be without them now.

A small percentage of the gamers with an authenticator still get hacked.
I know very little about how it all works, but I have massive doubts that your as safe as it's claimed with an authenticator. It's what feels right in the end and that's an endless discussion :) Fact is that authenticators probably block some hacks, safe blizz time, which shortens the waiting time to get your stuff recovered.

I have an authenticator across 5 accounts.
My accounts were recently compromised due to an old old friend, sold his account.

His email account, and his game email had the same password. My friend and I used to share account information in case of raid needs if one of us was out. So the new account holder, had my account info. (bad move on my part to not change the email or password combo in 4 yrs.)

Authenticators explained:
Time syncronized disconnected authenticating tokens use specific algorithms to rotate at a set pattern of intigers over a specific time period. The wow authenticator has a specific serial code on the back which, when activated with your account, adds the disconnect algorithm to your accounts login. The login server syncronizes one rotation with your key. There are alledgedly different algorithms for each key.

Possible security holes:
The problem is, if a hacker knows the min and max limits to the intigers, and there arent ones missing from the middle, a key generator can be made, and used, but also only if the hacker also has access to your email account and password. (such as in my case)

Its also possible for a hacker to be running a key logger at the exact same time as you attempt a log in... already having your email and password. They have less than 60 seconds to log into your account online, deactivate the authenticator requirement.. then its down hill from there.


I would guess, if a hacker has access to your computer via a keylogger, or remote, and wants to invest the time to run a key gen search to find the algorithm thats syncronized with your account... as in my case... it appears doable. Then again, the threat level of this happening is much less than NOT having one.

authenticators been hacked for banks before and others.

A comany i work for use a system like this and the other day the hole algorithms data bank was taken am sure if they can do this for a banks thats sorting card data and other data then blizzards will be taken even when the hackers get the algorithms they need to get the password as well so a stongpassword and a email that you do not use on other sites. its just a wow email addess am useing one agean but last few weeks it took 2 weeks to try and take the dam thing off when my phoned died and blizzard call centers are call wiating


useing a stong password you be fine was before before as long as your not clicking and silly links and got players watching out all is good how ever little was hacked the gm did not change his password but he stoped the hacker logging in after howsteed open the ticket.

Stong good password "sp61DJ*#ws25^&EB"

Agree with ebony.

Two things.

One, I currently use a single, password protected, MSWord document on my USB Flash drive, to keep a list of all my passwords. USB in, highlight the password, "Copy", CTRL+V into wow. Keyloggers are thwarted.

Two, I continue to urge blizzard to provide an internet based email system for its users. If Blizzard.net is as secure as they claim, and stand behind. Whats the reason to not offer a single email slot to each user who chooses it?

How often does gmail get hacked? Yahoo mail? Freemail? AOL? If you work for a large corporation (like me), how often does THAT account get compromised?

Maybe the suggestion is too easy to see.

Might be a silly question, a fast google didn't result in an awnser:

Do you also need your authenticator to log into battle.net?

Interesting things btw Apps :)

Might be a silly question, a fast google didn't result in an awnser:

Do you also need your authenticator to log into battle.net?

Interesting things btw Apps :)

Once you add the authenticator to your account... yes. you need the authenticator to log into battle.net. But once you are in, you can deactivate the usage.

Once you add the authenticator to your account... yes. you need the authenticator to log into battle.net. But once you are in, you can deactivate the usage.

Ok, that makes sense.

One, I currently use a single, password protected, MSWord document on my USB Flash drive, to keep a list of all my passwords. USB in, highlight the password, "Copy", CTRL+V into wow. Keyloggers are thwarted.
Uhhhh.... negative. Keyloggers can easily read what is on your clipboard.

I created five brand new emails, one each for the B.Net accounts.
Since we can no longer use one authenticator across five accounts, when my authenticator eventually dies I'll have billing place all five accounts on a single B.Net.

Anyway, those five email addresses are not used for anything else, anywhere.

I'm not saying I cannot be hacked, but not using the log in anywhere is a start.
So if running Firefox +NoScript +Adblock.
So is using an authenticator on the accounts.
So is not clicking the wow related links, on my normal email (which has never had a wow account associated with it).

I got hacked a few months ago while I was at work. I called blizz during my lunch hour and had all my stuff restored and account secured before I even left work. Blizz works fast now it's crazy.

I created five brand new emails, one each for the B.Net accounts.
Since we can no longer use one authenticator across five accounts, when my authenticator eventually dies I'll have billing place all five accounts on a single B.Net.

Did this mine broke :( blizzard pusged me to join them they said i like the new toys there givein us acconts under the same email now blizzard can support better. they send me new keyfod's out free!

Them acconts are now PTR nerver been accesed or hacked.

Anyway, those five email addresses are not used for anything else, anywhere.

Same. i just checked the email and its olny got blizzard email useing google apps on my own doamins no spam there.


I'm not saying I cannot be hacked, but not using the log in anywhere is a start.
anything can be hacked with or without a keyfod but it does help users that has a lot on there pc's

So if running Firefox +NoScript +Adblock.

i got a hardcore router on my setup that blocks this at the host of my network all linex and all freewave and very safe


So is using an authenticator on the accounts

am getting bored useing one. olny thing is with google chat on phone maybe its not such a good plan,, but after running wireshark from the phone on my network you do not see anythink the hole off blizzard app is HTTPS. even guild chat.

.
So is not clicking the wow related links, on my normal email (which has never had a wow account associated with it).
yep this is the key,




Uhhhh.... negative. Keyloggers can easily read what is on your clipboard.


this is ture but god keyloggers are so 1996 a good even free AV can very easy pick up a Keylogger now. hey even my Router can pick one up on the netwrok and email me!