So I got hacked...my own fault but damn what a pita

[Zamok]

Oh so I got hacked sad thing is it was right as I was transfering my toons to accross accounts before I moved to battlenet to set up my new authenticator.

My email I used for Wow was hacked/keylogged whatever not sure how but thats beside the point. (PS I dont have a habit of clicking links or visiting sites I should not but somehow I still managed to F'up.). The IT guy at work cannot find anything on my PC except a AV warnign 3 months ago that was supposedly caught, so a reformat and a re-install of everything soon followed.

All I can say is these feckers are patient and fast.

1. Authenticator arrives, yay wont get anymore shit for not having one.
2. I decide to transfer one of my pallies to a different account so I can use him as part of the new team.
3. Transfer confirmation email arrives with account name listed in it.
4. I log into blizz to do the confirmation thing. hmm password isnt working.
5. Try to do a password retrieval/change error "you have done this to many times in a short period"
6. I log into an alt account in game and see the guild bank being looted. Kick my other toons from guild to stop the process.
6. I quickly start zapping account with new passwords.
7. I go to log into email again and I start to think I should have learnt cantonese as the default language on the email account is no longer english.(Edit: Not a shot at chinese but I can tell you what a brilliant piece of work this was on their behalf, the turn me back to english button was in another language and I had a hell of a time finding it)
8. I return to game screen to see I have been kicked from server.
9. I manage to save 4 of 9 accounts with email changes from my laptop and petition a GM.
10. GM responds quickly somewhere like 40 minutes (which is good considering it was PM aussie time) and does his thing. All accounts are being locked down for the night until I can get hold of billing in the morning US time.
11. go through all the processes on Blizzard site etc etc

End result. In that time they had they managed to

Delete all my raid toons accross 5 accounts. Strip the guild bank of about 30k worth of mats and cash and create toons on one account on near every US server called ASDHGEE or similar.

So what a lovely day yesterday was. I now have control of the accounts again and they are registered on the authenticator. Now to wait and see if they can recover my main raid toons.

[Drommon]

Holy cow!!! How did they do that?!?! That is very organized and very fast! Glad I got an authenticator when they first came out. I wish all the best for you!

Drommon

[thinus]

When they catch people that do this they should chain them in town squares so we can throw rotten fruit and vegetables at them and generally beat the snot out of them.

Hope you get everything back.

Are you sure your email was hacked? Did they log into your email account? Is your email with your ISP or is it with hotmail/gmail/yahoo, ie webmail type interface?

Does Blizzard ask a secret question before emailing you a reset password?

The reason I ask is that they could possibly be screwing with the DNS and your domain's email could be directed to their mail server.

EDIT: So I went and checked, on the account retrieval page it asks for your account and email address. So somehow they must connect the account name with the email address.

I can't think of a reason why they would request the password (causing you to be locked out of doing it) if they already had the password so logically they must have used that service to gain access and somehow they must have intercepted the email. Maybe you can ask Blizzard if the email address on your account was changed. Not sure if they would give out that information but it would be handy to know if you were keylogged or whether they somehow made a connection between your account name and email.

They may even have packet sniffers along the route somewhere that picks up the wow login information packages. If they can get the account name and email from those packages then there is absolutely nothing we can do about it, it is completely reliant on how secure the encryption of the login communication between the WoW client and server is.

[Zamok]

Was a hotmail account and oh yeah they were in it deleting emails from Blizz so that I did not know what was going on, at the same time I was trying to change the email password.

What basically happened was I transferred some toons and the email I got for confirmation had an account names on it. Well I beleive it did since its been deleted now.

Since they had access to my hotmail and now the account name. Simple password reset. Click the link put the new password in and your set to loot the account. The emails on the accounts were not changed until I managed to change the email password but by then it was a bit late.

Here is a copy of the subsequent emails sent to the compromised email.

Greetings!

Account Name: BILLYBLOGS123

It has come to our attention that your account security may be at risk. In an effort to combat this, we have reset your password as a preventative measure.

To limit the amount of interruption this may cause, we have taken the liberty of sending a new password to this account's registered email address.

We have also forwarded your account information to our character specialists for further investigation and potential restoration. Please keep in mind that, due to the nature and complexity of these investigations, it may take several days for us to contact you with the findings of our investigation. We appreciate your patience and understanding in this matter and apologize for any ensuing delay.

- As account security is crucial we recommend that you take the following steps to ensure the security of your account:
- Make sure to scan the computer system you are using to remove all viruses, Trojan files, and key loggers. For more computer/Internet safety and security tips, please visit (link)- If you wish to change your password, please do so at your Account Management page at the World of Warcraft website (www.worldofwarcraft.com). To further enhance your accounts security, you may also wish to change your email address from this same page. If you have trouble with either of these measures you may contact our Billing personnel directly at 1-800-59-BLIZZ (1-800-592-5499) Monday to Friday between the hours of 8 a.m. to 8 p.m. Pacific Standard Time to update the email address on the account. Customers in Australia should call 1-800-041-378.
- Delete any UI modifications you may be using, and ensure that all UI modifications you wish to install in the future are obtained from a reputable source.

Helpful tips and information on securing your account can be found by visiting: (link)
For more information about unauthorized account access, you may also visit (link)

Should any other questions or concerns regarding World of Warcraft arise, please do not hesitate to contact us either via the in-game petition system or via E-mail at about:WoWGM@Blizzard.com.

*** Please do not respond to this email as all conversations on this matter would be best handled online. ***


Regards,

Galtics
Game Master
Blizzard Entertainment

another email I still have in the inbox for all my accounts.

Greetings,

This notice is being sent to inform you that we are currently processing the recently purchased electronic upgrade for your World of Warcraft account BILLYBLOGS123. Once your account is fully upgraded you will receive a confirmation email with additional information.

Effective immediately, the leveling restriction on the account has been lifted and you may begin leveling freely during this processing phase, though communication options will still be limited until the upgrade is complete.

Thank you for your purchase, and enjoy your time in Azeroth!

Blizzard Entertainment

www.WorldofWarcraft.com

So once they had access to the email the accounts were not hard to find. I have put in a suggestion that they do not use the account name on compromised account emails for obvious reasons. Still all in all my own fault for messing up my email somehow and I have now followed some advice I found here and created a new clean email for WoW accounts.

[Ualaa]

Sorry to see this shit happen.
I really wish we could find the people who do crap like this.
And meet them face to face, instead of them being an anonymous piece of shit, living somewhere on the internet.
Of course, they'd then have a legitimate aggravated assault charge against us, which wouldn't be too fun.




I really don't understand why a hacker would delete characters.

Sure, DE or sell any gear which they can get gold for.
But something like PvP gear which won't vendor or DE, why destroy it?

From their point of view, the account is stripped of everything that can be taken from it.
And the person clicked whatever, resulting in the compromised account.
So leaving the high level and the pvp gear, trade skills etc...
Means the person can gear back up faster.
And they have already done something to compromise their account once.
So there's a decent chance of it occurring again.

[thinus]

Ok, thanks for the info. Time for me to remove all references to my account names from my email

[Zamok]

I really don't understand why a hacker would delete characters.

Besides being embaressed and the pride thing thats what hurts most. The gear is easy enough to replace these days and plenty of freinds to help out there including the 15 or so that mounted up and stacked on mailboxes in Dalarn to try to stop them mailing my stuff. Why bloody delete the toons.

[Ualaa]

The best solution is to go to: http://us.blizzard.com/store/?rhtml=y

Type Authenticator, into the search box.
Select the US or Canadian/Australian option.

They're both in stock.

Once the authenticator is associated with your account or B.Net email, no changes are possible without the code.
The code changes every 30 seconds, and is six digits long.. so one in a million chance of guessing the right code.

You can associate the authenticator with multiple accounts or B.Net accounts.

So if you don't care about the new Account Management features for having all your accounts on one B.Net account, you can use one authenticator for 5 B.Net accounts (with one wow per B.Net account), and still log into each game at the same time with one code.

Or alternatively have the accounts on the same B.Net account, gain all the new features they're implementing, and have the one authenticator associated with the B.Net account. Which means a 30 second delay between each account logging in. A small price for the security.

I personally prefer 5 B.Net accounts, and logging them all in at once, on one code.

[Zamok]

Yeah sadly thats what I was setting up to do when this happened. After being politely smacked up the side of the head here the other day because I had mis-information about accessing one in Australia.

[Khatovar]

I really don't understand why a hacker would delete characters.

The *only* thing I can think of for deleting the characters is maybe, possibly they think they can get more business that way? I guess they think people are stupid enough to say "I got all my shit taken and my toons deleted because of some random asshole, I don't want to start all over, so I'll pay this power leveling company to level a new toon for me." *shrug* Never underestimate the lengths people will go to to be utterly and mindnumbingly stupid?

Unless it takes longer to get toons back from a full delete as opposed to just restoring gear? I don't know, never been through it. I guess they could think that if the Blizz GMs have to spend X amount of time restoring a deleted toon and replacing the gear/money whatever, they {the account thieves} have longer before Blizz tracks them and the stolen currency down? Though I was under the impression that restores of that magnitude ended up as pretty much just toon rollbacks instead of having to research and replace.