Any of You Get One of These?

[emesis]

First off, assuming your machine is not infected with keyloggers, how can anyone hack your account if they don't even know your account name? Without some amazing social engineering, or breaking into your machine, how is anyone going to even know where to start hacking your account?

Assuming someone HAS your account name... You failed and now your password can be hacked. Perhaps it's time to get one of these devices.

The problem seems to be people having your account name to begin with. So don't go to any non-trusted WoW or MMO sites and play on a Mac if you have problems with keyloggers

Whoa. While keyloggers may represent the single largest security threat, getting a bunch of WoW account names would, in fact, be relatively simple.

Do you consider your incoming email to be secure? The internet SMTP and TCP/IP routing protocols 1. send email in plain-text over open networks, and 2. use whatever relay route they can through open servers to deliver a message from Blizzard to you.

Are you aware that Blizzard includes your account name right in the e-mail in a variety of standardized form letters regarding account activiation, etc? I.e., "Congratulations! You've successfully created your World of Warcraft account. Your account name is: "

All that is needed is access to one compromised relay server and you could easily grep out any account names that have routed through that server. The same thing applies at the level of a local area network/router compromise.

After that, it's just a matter of brute force password attacking. I don't know if Blizzard locks the account after a certain number of failures, which would mitigate brute force attempts. However, getting your account name is something that could easily happen regardless of how secure your personal PC/Mac and home network is.