Quote Originally Posted by Ughmahedhurtz View Post
It MUST be an inside job. RITE?

On a less tongue-in-cheek note, hackers do not immediately use account information when they keylog/hack it. It sometimes sits for months before someone tries to take advantage of it. Rest assured that one of the PCs you used to logon to that account was trojaned, you "loaned" your account to a "friend" or you have a really, really weak password.

Again, the computer that the account was used was not used for ANYTHING other than that WoW account.........I never visited a single website, ran a single program, or anything of the like. I don't use software like Keyclone that talk home.

I have turned that computer on, and run packet monitoring software, as well as a scan for files (even hidden, archived, or the like) that were created AFTER the computer was originally created. Nothing other than WoW updates.

I know it's easy for people to say that it was my computers, but being a network security specialist for 10 years, I feel I have the ability to check for these things.

Let's say that for some reason, my main computer has been compromised. Why would an account that was never even logged into that computer be hacked? Also, why would it not be the account hacked that was on the computer I use for something other than WoW?

My password consisted of uppercase, lowercase, non alpha-numeric characters over 10 characters in length. It was not guessed.

I have never had anyone log into my accounts, friends used my computers, not even my wife.

Now, I have worked for companies where an exploit was used. When an exploit is successful, I have never seen people "wait" to use it. It's the same as in the study that was released this year stating that changing your passwords on a regular basis is a futile point. If someone gets your password, they are going to use it then and use it as much as they can before the security breach is found.

I even have a hardware appliance in place that sends me reports of daily web traffic, it reports TCP and even UDP traffic for any website, any port, any protocol used for communication through the box. No where does it state any communication out of the ordinary. No IRC communications, no CuteFTP exploits, no telnet communications, nothing.

I would be arrogant to say that it isn't 'my fault, but I'm not some kid that can't use a computer. I have several safeguards in place that can notify me if something is unusual. If it was my main account, then I would highly consider it to be my computer at fault. But companies do make mistakes, just as I could make mistakes. A good example is how Mythic was overcharging on accounts that were closed for years causing thousands of people getting overdraft fees.