Pick up a prepaid Visa card to get around this. Or, open up a separate account that you use only for online purchases and only fund it for the amount you are going to use for that purchase at that time (this was recommended to me by Wells Fargo after someone stole my check card number).Originally Posted by zenga
Update......
As of this message, all but one toon has been restored. (this particular toon was on a different realm and had not been played in quite some time) All of the guild's bank items/gold/toons gear/toons gold/bank items, ect.... have been sent back to each via in-game e-mail.
It's difficult to actually determine if anything was left out, but I'd say that Blizzard has done a great job at fixing this issue and returning the items that were stolen.
Now............ to try and figure out what actually caused this in the first place.
I do know that I do not frequent ANY sites that could have captured any info that may have compromised my WoW account. As mentioned in my initial post... I am a strong advocate of security software and keeping current A/V software up to date as well as firewall software on my system. That's what makes this difficult to solve. Some have said my e-mail account had been compromised, others believe there may have been a keylogger installed on my system, none of which I want to believe, but one thing is for sure, my WoW account was hacked.
I don't have the answers yet, but I'm going to dig into it as far as I can to try figure what went wrong. If I do find what exactly happened or probably happened I'll post it back here.
Thanks to all who responded/contributed to this thread, hopefully it'll not happen to anyone else.
Best regards
Ñightsham
..... s l o w l y getting there
One tip: the GMs on the WoW customer service forums have mentioned several times they are on the lookout for a keylogger that only runs when the WoW Loader.exe is running, and it's a nasty one. Start up Loader, and run your scans. They are asking for people to let them know when they find it.
You could have also gotten on via Flash or another vulnerability. They are *everywhere* these days, and not just for WoW, they're out there for other games, and more seriously, for bank accounts and PayPal accounts.
You mentioned something in your original post about Battlenet - I hope you don't think it's the cause. Battlenet is not causing people to be hacked, but the douchebags ARE using it to lock down accounts when they steal them. But, there is not one reported case of an exploit happening because of Battlenet. BNet may in fact be a huge boon to players, because it's almost impossible to have an account detached, unless you can prove you own the account.
The Authenticator is THE number one solution to the problem, if you don't use it, you're just playing with fire. If you can't afford it, put it at the top of your xmas list.
I use a Mac, and I still use an Authenticator, the iPhone version. The Flash vulnerability showed that they can get to Macs, and it's only a matter of time before they figure it out and start stealing more Mac based accounts. There's too much money involved to ignore all the Macs. I suspect they've been trying things in the ads served to the forum over at WoW, because every week or so, going there will crash my Mac (running Firefox) when it tries to load the ads. It will clear up eventually after a day or so. I *never* crash in Firefox, and I go to a lot of sites daily, even more weekly. The Wow forums are the only place I have *ever* had Firefox crash. (Safari crashes, but it's a POS browser)
Prot Pally • Destro Lock • Holy Priest • Boomkin • Arcane Mage
Heroic Bosses Down: Moorabi • Kologorn • Ormorock • Prince Keleseth • Eck
What I meant by that statement was the fact that I had to merge all the accounts into one. (yeah, I could have kept them all under seperate logins, but having five more email adresses would have been a pain IMO) Just makes it a single point of vulnerability for all my accts is what I was getting at.
Agreed....$20 is cheap insurance for time/money invested in playing this game.
When on the road traveling (as I am atm) I use my MacBook Pro to play and also use FF/TB for surfing and mail. No issues on this OS thus far, but like you said, it's coming.
BTW what A/V do you use on you MAC (McAfee?)
..... s l o w l y getting there
Call blizzard and prove the secret question they ask. They change the email and send you a new password.
You actually went to the link they sent you. THAT is why you got hacked, because you went to it on any computer at all.I'm very pro-active on security and as an ironic twist to this I had recently reported 2 different in-game messages sent to me about "so-called" get your xmas free mount or whatever, that I had sent those sites to blizzard reporting the offending website. The thing is, I didn't access that site on my WoW computer (I only play/MB from 1 computer) I accessed it from a seperate computer and the only commonality is that they are on the same LAN.
I agree with you totally, keylogger or a middleman, though the latter seems remote. I'll do a full scan again when I can, in the meantime I'll play from the Macbook
NEVER go to any link from any scam message, EVER. It's just not worth it even to see what it looks like.
I'm going to live forever, or die trying.
5 Shaman Northrend Heroics - My YouTube Channel - Details about my setup (outdated)
T2 Heroics: lvl 80 Heroics wearing lvl 60 armour
Running 5-6 accounts on one computer, currently playing Horde on US-Skywall.
My main teams:
5x Shamans lvl 85
5-class team lvl 100: Paladin, Druid, Shaman, Mage, Priest
Anyone knows if battle net uses any effective anti brute force techniques?
Everything that is fun in life is either bad for your health, immoral or illegal!
Thanks for this tip! I never realized my gmail was not in https 100% of the time...now it is. But still, I sleep easy knowing my wow accounts are all protected by an authenticator. Got hacked once, WAY back and as soon as the authenticators were available to Canada I got one.
My story...if interested. I'd recently changed emails and had gone through the process of updating my various accounts and stuff to my new email. I was on a WOW break so I never actually changed my WOW email. Somehow somebody got my password/login, and since I'd been doing so many email changes, when my old email showed up with a "change wow account email address" message, I just clicked the link to confirm it without realizing it was setting it to somebody else's email. That's the last I heard of it.
About 10 months later, I go to login to wow to reactivate my account, lo and behold the password doesn't work. So I request a reset...then I notice it's sending it to a different email address because it ASKS for your email and account name, and it said it couldn't find my account/email combination.
Telephone call to blizzard yields that the account was jacked 10 months back, and swiftly got banned for economy exploitation. They restored it, reset the email and password for me, and told me to submit an in-game ticket for any missing gold/items.
Well I did, because my entire bank of 18-slotters worth of 40-man raid epics and 25-man BC raid epics was gone, all my gear was disenchanted (toon was an enchanter), tons of extra L1 toons everywhere, etc etc. I compiled a VERY long list of missing gold/items, in-game ticket length is limited so I just submitted a ticket asking for an email address I can submit my long list to.
They give me an email and a reference number or something...yes the email is at blizzard.com, and yes the reply came from a Game Master in-game so I send off the email.
Two weeks later I get a reply email, "Sorry, since your loss occurred so long in the past we are unable to verify your loss of items and/or gold. We cannot provide a restoration at this time..."
So I had two naked & broke L70's, stranded on a server (my guild had disbanded and the few RL friends still playing played elsewhere), plus a slew of other naked/broke toons at various levels. Not wanting to buy gold or beg for handouts from strangers, I just started fresh on Shadowsong Horde where a friend played (was alliance-nathrezim previously).
When faction transfers came live, I transferred over one of the 70's, geared her up in BOE's, leveled her, and she's now my main raiding toon
I do routine testting of Anivirus & Firewall software, thus the reason why I went there.
Beta testing VIPRE Premium now.
..... s l o w l y getting there
It's funny, that they sent me 6 password changes for the combined account. One would think that the single email address would suffice for a password reset. (since they're all combined now)
..... s l o w l y getting there
Posting Rules
Reply With Quote
Connect With Us