I've played WoW since Vanilla release and never had an authenticator - guess I thought I was invincible. However, they got to me and I was hacked. 5 accounts banned and now going through the lengthy process of restoring the toons.

I have added an authenticator. I scanned for viruses using Avast, but didn't find anything. What else can I do to protect myself? I don't really care about WoW since it now has the authenticator, but I'm worried about any other information from a keylogger.

Find out if your other important accounts that you use also have 2-factor authentication. Google has a validation tool which I use, as do my bank and credit card issuers, although financial accounts are less likely to be hacked because of the high chance of law-enforcement response. Past that there really isn't much you can do that you probably haven't already been doing. No flash, no script, Adblock, don't visit fishy sites, run av, scan for malware, etc.

Personally I don't worry much about things being hacked that can't have authenticator type devices attached since there will always be hacks. Mostly I just don't put much out there that isn't under such protection and that seems to do enough to make me a hard enough or worthless enough target that I'm not bothered.

I would definitely recommend a clean OS install after your computer got compromised.

i would definitely recommend a clean os install after your computer got compromised.
qft

Couple of things come to mind. Yes, OS reinstall recommended. Consider using a sandbox for your web browser. Sandboxie has a free version. Spyshelter/Zemana are pretty good for spyware, and I like Private Firewall(free). Malwarebytes is very good.

Personally, I use a separate computer that has nothing on it but Windows and Firefox, for $ transactions. I use it for nothing else. Peace of mind:)

There are always going to be spyware/trojans/etc that will not be detected. Like Kate alluded to, hackers are working 24/7 on this stuff, count on it. Macs are not bulletproof either, it's just hackers have always had a hard-on for Windows. Watch what you install/run, and beware of any email attachments.

I'd imagine Lax could give you some pretty good advice.

You could sandbox every single application and you'd still be vulnerable to exploits attacking old/unpatched software/plugins/browsers.

Keep all your software updated and regularly run security scans. Be glad this isn't herpes. Essentially the cause is the same.

i scanned for viruses using avast, but didn't find anything

of course it didn't

of course it didn't

Honestly, I don't rely on AV software (I'm a big AVG Free User) to remove anything. I just want to know if something IS there so I know when to wipe the system (If I don't already know something is going on). I've been told him I'm a bit format/re install happy, but I've only had 1 virus in the past 5+ years or so (Lost track) and that was due to putting off an adobe flash player update. I go to some pretty shady places on the web and the virus I got back in December was from an ad on curse.com

Some people rely on Norton / McAfee / Whatever to protect them and be able to remove any threat that may come up. That's perfectly fine. I still stand by keeping software updated and being smart about what you click on is better than any AV software out there.

Your mileage may vary, Warranty void everywhere, use at your own risk.

I've been hacked before a long time ago so i know it can be hard on you emotionally. Isn't this the 3rd guy in like 4 months that got hacked in our guild? The biggest threat are the phishing emails that come from the gold sellers that you bought your gold from. They say they are from blizzard but they aren't don't even be curious and peek. After i got hacked I got a one of those Authenticator cipher code things. But it was a friggin hassle logging in. So i ended up disabling it. I haven't been hacked since so I don't feel bad about doing so.

Additional Tips
1. Once you have been compromised do a fresh OS install
2. Try to keep only WoW on the box you game with. I'm not saying you have to. I don't. I just don't visit dangerous sites on my WoW box. In Afghanistan all workstations had 3 physically separate computers on 3 physically separate networks.
3. Use a gimp computer to do slim shady stuff.
4. Have multiple emails. One for work and clean business, one for friends and family, and one appeasing online registration needs. If "Blizzard" emails come in from your alternate email you can absolutely sure its not legit.
5. We can all type in our passwords without thinking. Type your password in a way that most key loggers don't track. I don't know how reliable this is but i was told that most key-loggers dont track the left and right keys. So as a solution consider typing ssword then use your left key to go back to the beginning and type Pa creating Password.

I would definitely recommend a clean OS install after your computer got compromised.

^THIS^ Happened to me once and got everything back ran 4 dif virus and other checkers came up clean, changed emails and passwords logged in to check everything got off and came back 15min later and they were all stolen again. But I was quick enough that I changed everything fast and did a reformat and never had a problem again. I also have an authenticator now but i couldn't get one at first because they were back ordered. So do a clean OS install for sure!

Eh, there are numerous ways they can get you.

For starters, many websites are run by people who take an interest in grabbing passwords. I'm not going to say one from the other because it is random and hard to tell. Basically, don't ever use the same login id in two different places.

Some places for example won't encrypt passwords. Or they have a vulnerability to people who join on and then keylog a production server.

Then, the hacker just sits on the information or sells it.

Eventually, someone somewhere obtains it, with the user id and then starts looking up said person on other forums, websites, games, etc. They're looking for some paydirt.


That's when they get you. Once they've made the connection they'll use it or sell it.

Another usual is brute force. Someone sees your ID and goes to town on a system to figure it out. That's not usually the case with sites that have limited authentication attempts.


The former is usually what happens which is why it is so random. Sites that mandate you use an email account for example are often plagued with a problem. People use the exact same email and exact same password on two different sites/games. Big problem.