So I'm convinced Blizzard has security issues

[Sbrowne55]

I had all 10 of my accounts hacked, It was a trojan keylogger. Which I'm certain was from visiting websites for my rogue and researching info about dps etc in IE.

I got keylogged after reopening 5 of my accounts through account mgmt. 2 hours later the hacks started, and I woke up the next day cleaned out. Now, I have read that some of you had your CC info hacked, and they actually used it. What exactly did they use your CC on?

I'm quite sure they probably got my CC too since I entered it 5 times. They were in my facebook, from a location in Poland... Which could have been spoofed. But my CC it hasn't been touched in a month. I figured these hackers would stear from using that sort of crime, as its punishable in other countries, unlike hacking wow accounts.

Let me know, I may go ahead and say there stolen to get new ones.

[alcattle]

Sorry to hear your loss, I would get the CC on alert at least and changed if it doesn't include other problems like automactic bill pay.
IE is your first mistake, a hack waiting to happen. Using one computer is always a problem, but you can prevent some things like keyloggers if you out smart them. Try a virtual machine and do not use that for WOW. Try linux. A live CD will stop some of the baddies. Get a netbook and use that for all but WOW.

[Tonuss]

I'm quite sure they probably got my CC too since I entered it 5 times.

I would strongly suggest that you report it and have a new number issued. It's not a major hassle to have your CC info stolen these days (assuming you have a card with a reasonable liability limit and good monitoring) but I don't think it's ever good to have that info sitting out there in someone else's hands. At the least, you can limit the damage that the CC company/bank is liable for, because over the long haul that increases costs for everyone.

[Dramoth]

Something that I found unsettling in my hack was that my notebook, which I formatted as part of my nuke from above clearance kept giving me an error when i tried to connect to my desktop using remote desktop, it kept telling me I had a connection already running. This happened both times I formatted the notebook, then unplugged it and pulled the battery, even the BIOS had it's date reset due to no power, then on the 3 rd format I disconnected my modem so that it would get a new IP and only then was I able to connect to the other desktop remotely after that fresh install. My suspicion is that the original trojan had captured the ip address of my network and so they were able to still connect to my machines remotely using some other hack.
ALL VERY SCARY

That would possibly be done using a hack attack using the nice little NSA port (port 60).

They can use that to download and edit your registry to add a run_once key that tells your machine to access a particular webservice and download the application at the far end and run it to register your new root kit.

From there they then have the capabilities to make a remote desktop request and connect to your computer.

The worst part is... that you never see a thing.

[Ughmahedhurtz]

Taken out of context, I meant that I tried their fix for my firewall blocking WoW access. That fix did not allow me to connect.

Edit: Might be best if I just shut up and go to the corner for a time out.

Heh, BAD KITTY! NO COOKIE FOR JOO!

On a more serious note, if you tried opening the ports Blizzard specified and it did not fix your problems connecting, you either A) did something wrong, B) have something else interfering like a hardware firewall, or C) are using a really, really shitty software firewall like Norton's Internet Security, which has like 15 different "smart firewall" parts that sometimes tie together in strange ways causing things like RDP or file sharing to stop working when the parts that say RDP or file sharing are set correctly.

Norton.... /wrists /shotgun /C4enema

[alcattle]

Heh, BAD KITTY! NO COOKIE FOR JOO!

On a more serious note, if you tried opening the ports Blizzard specified and it did not fix your problems connecting, you either A) did something wrong, B) have something else interfering like a hardware firewall, or C) are using a really, really shitty software firewall like Norton's Internet Security, which has like 15 different "smart firewall" parts that sometimes tie together in strange ways causing things like RDP or file sharing to stop working when the parts that say RDP or file sharing are set correctly.

Norton.... /wrists /shotgun /C4enema

you tried opening the ports Blizzard specified and it did not fix your problems connecting. This is true
a) can't be positive I did that right
b) why did it only happen after the patch?
c) I use Panda software suite, was very highly rated.

d) same result on both computers- one I played with the port settings; other I did nothing. Turning off Panda firewall worked on both computers

HOWZ ME GIT COOKEY?

[jinkobi]

Some firewalls cause more problems than they solve.

[Monk3yv]

I too had an account compromised. the hacker had emptied my guild bank because I had access to all tabs, vendored all items except my gear (this I found rather odd because he kept the gear for my multiple specs).

I purchased an authenticator after this and I didnt even change the password. The next day I took the authenticator off of my account and waited to see if the account would be compromised again. (I am crazy like that) Well it never happened.

Me being the paranoid person that I am immediatly thought, "Inside job!" What's stopping a company from doing shadey dealings, such as faking a hacked account just to make you buy an authenticator, once they see you have one, they go to the next person. All items were restored of course.

Overview:

What does blizzard have to gain from compromised accounts? Sales in authenticators.

They have the information needed, the power, and a motive. And who is to say someone in the coorporate ladder couldnt be selling your account information to ammatures to "do the deed". Thus pushing you to purchase their new safety feature.

Highly unlikely, but hey it would be pretty hard to "catch" if everyone is so ready to accept that it could never happen. Maybe I shouldn't watch The Manchurian Candidate when drunk haha!

[Owltoid]

I have a feeling that there have been quite a few hacked accounts that led to people giving up the game. I just don't see Blizzard making a business decision to cause a huge amount of frustration to their players and risking losing subscription for the hope of getting a one time authenticator fee.

[Monk3yv]

Well I mean, only they have access to those kinds of statistics*. If it worked out in their favor numbers wise, -shrug-

*You know the "why are you leaving me, i thought we were friends" survey you take when you cancel your subscription.