I got hacked last night, when I logged in this morning I noticed my bank alt had been moved and my guild bank cleaned out. I went to reset my battlenet password and noticed my authenticator had been removed from my account. Since then Blizzard has cancelled my 5 accounts due to abusing the economy. I have a ticket open to get the accounts restored.

Trying to figure out how it was hacked and how were they able to remove my authenticator. I'm running full scans on my PC with Norton and spy hunter? Any other suggestions to verify I have a clean PC?

Thanks

Unfortunately, your only sure fire method is going to be a format and a reinstall.
Whatever hacked you, or acquired your login/password, defeated your current/previous security measures.

You can run an assortment of anti-virus or scans.
But you're not going to be sure, without a format/clean start.

You have to nuke it from orbit... it's the only way to be sure.




http://www.youtube.com/watch?v=aCbfMkh940Q

I got hacked last night, when I logged in this morning I noticed my bank alt had been moved and my guild bank cleaned out. I went to reset my battlenet password and noticed my authenticator had been removed from my account. Since then Blizzard has cancelled my 5 accounts due to abusing the economy. I have a ticket open to get the accounts restored.

Trying to figure out how it was hacked and how were they able to remove my authenticator. I'm running full scans on my PC with Norton and spy hunter? Any other suggestions to verify I have a clean PC?

Thanks

how did they manage to remove your authenticator in the first place?

how did they manage to remove your authenticator in the first place?
I thought the same thing as well since it takes two consecutive codes from the attached authenticator to remove it (or verification over the phone with the need to possibly fax in information to prove your identity), but... There is that mobile armory hack that's going around which is bypassing authenticators and maybe the hackers have gotten better at what they do. /shrug

I put the OS on drive C on its own hard disk, and everything else on other hard drives. I use Easeus to CLONE the whole C drive every few weeks. Disconnect the power cable from the back up drive when done with back up. If you have a problem take out the infected C drive and put in the back up drive and you are up and running in a few minutes.

Looking thru the Blizzard support forums, there seems to have been an issue with the remote AH, which I do use daily. Which might be why it was taken down over the weekend:

https://us.battle.net/support/en/blog/10294703/Web_and_Mobile_Auction_House-6_22_2013

Plus, there are a few threads on accounts getting hacked recently with the authenticator on them. Still looking thru the threads, but haven't seen any comments from Blizzard on the issues yet.

Your safest bet is to start over and treat everything in and on that computer as suspect if you think it's compromised. There are intermediary steps that are less drastic. Things like pulling the HD, mounting it on a known safe PC, and running a scan on the drive from that PC (don't run anything from the HD). Or burning a bootable DVD to check the computer (do this from a known safe computer)

Blizzard may be able to provide information as to how things happened that will help you understand the likelihood of your computer being compromised. I'd ask if they can tell you anything about how the authenticator was removed, dates, times, methods that they see from their end.

You can also always run a scan from the questionable PC with the questionable OS running. You'll have to decide if you trust the results or not. The usual advice about changing your passwords, at least battle.net/email attached to battle.net/any others that match applies.

If you don't feel like nuking it from orbit, there are an assortment of programs you can use to attempt to remove a keylogger

MalwareBytes
Spybot - S&D
Security Task Manager
HijackThis

Every one always seems to believe that they have a virus or logger when their accounts get hacked. Any one ever think that maybe you recently (within last 90 days) registered at a site that has used that registration information to hack your accounts? I know a guy who specifically made a website with WoW info just so he could hack WoW players accounts because alot of times people use the same info to register at sites that is used on their accounts. This may not be the case here but it happens ALOT.

Every one always seems to believe that they have a virus or logger when their accounts get hacked. Any one ever think that maybe you recently (within last 90 days) registered at a site that has used that registration information to hack your accounts? I know a guy who specifically made a website with WoW info just so he could hack WoW players accounts because alot of times people use the same info to register at sites that is used on their accounts. This may not be the case here but it happens ALOT.

Yes, but it doesn't hurt to check, now does it?

That's why I said "This may not be the case here" ;)

Every one always seems to believe that they have a virus or logger when their accounts get hacked. Any one ever think that maybe you recently (within last 90 days) registered at a site that has used that registration information to hack your accounts? I know a guy who specifically made a website with WoW info just so he could hack WoW players accounts because alot of times people use the same info to register at sites that is used on their accounts. This may not be the case here but it happens ALOT.

That is true but you cant remove the authenticator knowing just email/password.

This seems a hack on Blizzard, not malware on his computer.

I tend to be in agreement that it's likely outside his PC. and likely was too pedantic in my prior post. I'd still opt for scanning with a boot DVD. If anything turns up, research it and see what it was. If a lot of stuff turns up, then it might be better to start fresh and also put in place a plan to avoid a repeat. A quick search in general for boot DVDs turned up an older MVP post on battle.net at http://us.battle.net/wow/en/forum/topic/2089279493#8 with links to a number of options (as of 2011, may not all still be live)

Or hacked by pet, girlfriend or wife? Or even the US government!? This world has gone mad and chaotic, never know...

Sorry, OT. Can't help it...

On a serious note, please let us know the answer to the hack, should you found one. Thanks in advance.

I have run a few scans on my PC and everything is coming up clean. I don't think I have an issue with the PC, but I will be rebuilding just to be safe.

Blizzard posted this last night: http://us.battle.net/wow/en/blog/10310774/

I know longer subscribe but my accounts have several million gold total and I worry that when I eventually go back it will be gone.

My authenticator is still attached to the account, hopefully thats safe enough. Knew a guildie once that quit playing but he was hacked and his account turned into a trial so they could log in and take his gold.

"I know a guy who specifically made a website with WoW info just so he could hack WoW players accounts because alot of times people use the same info to register at sites that is used on their accounts"

How would that help with the authenticator?

Here an overview of what is going on: http://us.battle.net/wow/en/forum/topic/9363116634?page=9#173

Some people are saying even accounts that haven't been used in months are getting hacked. Remote AH has been down since Saturday for maintenance.

"I know a guy who specifically made a website with WoW info just so he could hack WoW players accounts because alot of times people use the same info to register at sites that is used on their accounts"

How would that help with the authenticator?


As Olsondw showed: http://us.battle.net/wow/en/forum/to...634?page=9#173 (http://us.battle.net/wow/en/forum/topic/9363116634?page=9#173)
There are always ways around, above, below the walls we put up and hackers will always find em :) Thats why sometimes a name and password is all that is needed.

You have to nuke it from orbit... it's the only way to be sure.


http://www.youtube.com/watch?v=aCbfMkh940Q

ROFL, you're so funny MiRai.

If you got hacked you should probably just stop using computers altogether. I can provide no tips to help you at this point. Maybe buy a MacBook or use Linux live cds from now on.