Littleburst been hacked?

[Kang]

Littleburst was back in the game the next day already, and got everything back.

This is only true because Ebony happened to be online and catch it (Cheers Ebony!). The GM also worked extremely fast. If Ebony hadn't caught it, how long do you think it would have taken Littleburst to get the accounts back? Littleburst was very lucky in this situation. It's great you guys have a guild that watches out for each other and can spot suspicious behavior.

And i switch teams alot, at least 5 times in an evening. I actually have the authenticator laying next to my keyboard, unused.

If you are using ISBoxer here's a tip: you don't need to log entirely out to switch teams. I believe there's a thread on it in the add-ons area. If you aren't using ISBoxer..well..have fun.

[Littleburst]

This is only true because Ebony happened to be online and catch it (Cheers Ebony!). The GM also worked extremely fast. If Ebony hadn't caught it, how long do you think it would have taken Littleburst to get the accounts back? Littleburst was very lucky in this situation. It's great you guys have a guild that watches out for each other and can spot suspicious behavior.

VERY true

Today I got everything back, 2 accounts were still empty out of the 5. 1 ticket to a GM and it got fixed.

If you are using ISBoxer here's a tip: you don't need to log entirely out to switch teams. I believe there's a thread on it in the add-ons area. If you aren't using ISBoxer..well..have fun.

I need to get a new IS subscription first

The main reason for me though, is that I highly doubt it would have mattered.

Only a small percentage of the gamers have an authenticator.
A small percentage of the gamers with an authenticator still get hacked.
I know very little about how it all works, but I have massive doubts that your as safe as it's claimed with an authenticator. It's what feels right in the end and that's an endless discussion Fact is that authenticators probably block some hacks, safe blizz time, which shortens the waiting time to get your stuff recovered.

[Apps]

A small percentage of the gamers with an authenticator still get hacked.
I know very little about how it all works, but I have massive doubts that your as safe as it's claimed with an authenticator. It's what feels right in the end and that's an endless discussion Fact is that authenticators probably block some hacks, safe blizz time, which shortens the waiting time to get your stuff recovered.

I have an authenticator across 5 accounts.
My accounts were recently compromised due to an old old friend, sold his account.

His email account, and his game email had the same password. My friend and I used to share account information in case of raid needs if one of us was out. So the new account holder, had my account info. (bad move on my part to not change the email or password combo in 4 yrs.)

Authenticators explained:
Time syncronized disconnected authenticating tokens use specific algorithms to rotate at a set pattern of intigers over a specific time period. The wow authenticator has a specific serial code on the back which, when activated with your account, adds the disconnect algorithm to your accounts login. The login server syncronizes one rotation with your key. There are alledgedly different algorithms for each key.

Possible security holes:
The problem is, if a hacker knows the min and max limits to the intigers, and there arent ones missing from the middle, a key generator can be made, and used, but also only if the hacker also has access to your email account and password. (such as in my case)

Its also possible for a hacker to be running a key logger at the exact same time as you attempt a log in... already having your email and password. They have less than 60 seconds to log into your account online, deactivate the authenticator requirement.. then its down hill from there.


I would guess, if a hacker has access to your computer via a keylogger, or remote, and wants to invest the time to run a key gen search to find the algorithm thats syncronized with your account... as in my case... it appears doable. Then again, the threat level of this happening is much less than NOT having one.