08-13-10, 06:09 PM   #61
tralkar
An Onyxian Warder
Join Date: Jan 2005
Posts: 352
Not sure if this is what happened, but maybe it will help others. Never, never answer an e-mail. If you get one from Blizzard, it's 99.9% a hacker. Never go to the link they give you and give your password. First time I had one of these, 2 weeks later BAM, I was hacked.
08-13-10, 07:17 PM   #62
dc_roenfanz
A Murloc Raider
Join Date: May 2005
Posts: 9
That really sucks bro. I was hacked myself, much like you, but I've got a kicker. I was hacked after not having played WoW for at least six months.

Yes you heard me, I wasn't even playing and my account got hacked. Luckily I was able to retrieve everything.
08-13-10, 09:07 PM   #63
Krahg
A Deviate Faerie Dragon
Join Date: Dec 2009
Posts: 19
Originally Posted by Gristadar
Just an FYI, if you used the remote AH, people are getting hacked even with authenticators if they used the remote AH and then their phone was hacked; happened to someone I know. Blizz, the last I heard, has suspended the remote AH.
I searched Google and the official forums and I don't see anything about this. Also I participate in a gold farming forum and nothing is mentioned there either. I feel almost certain the goblins I play with would have heard of this if it were true.

Can you provide any details from a reasonable source? Worldofwarcraft.com, Wowhead, Blizzard or anywhere at all? I would like more info on this.
08-14-10, 02:21 AM   #64
Nefrirr
A Cyclonian
Join Date: Jul 2008
Posts: 44
First of all: I also wouldn't entirely dismiss the possibility of accounts being compromised due to the fault of Blizzard. I just argue that it is pretty improbable and that the blog article is rather shady in its argumentation. Most of it is not solid proof but just educated guesses.

Originally Posted by Fenixhawk
1. There is no increase in hacking of WoW accounts - Google search trends showed that more people were having hack issues, increased forum activity, and Blizzard themselves confirmed that there was an increase.
While I actually believe that an increase in hacked WoW accounts is probably true (why else would Blizzard have started to push authenticators, even giving away an in-game pet to attract users?), the argumentation is not solid.

1.) Illogical reversion of an implication: an increase in hacking is only a very weak support for security issues on Blizzard's side. Would that cause an increase? Yes. Does an increase mean it is the case? Not necessarily.

2.) Google searches about account hacking might very well be correlated with actual hacks happening. Again, correlation is not causality - and even if it would prove a significant increase, 1.) still holds.


Originally Posted by Fenixhawk
2. Users said that "Blizzard is required by law to notify everyone of any such breach. Since there has been no notifications, no breaches have occurred." If you search the forums you can see that this is true, and he showed the data breach laws (but you skimmed over them) that confirmed they don't have to do anything.
This is something that I don't have enough experience to judge by myself, but at least it contains a link to what seems to be a scientific article. I can live with that and the initial argument "nothing was supported, thus nothing happened" is actually also crap. Blizzard might still cover it up or even not be aware of it at all, even IF Blizzard was forced by law to report such occurrences. HOWEVER, this just supports the general notion, that it is POSSIBLE that Blizzard COULD be compromised.

Originally Posted by Fenixhawk
3. Users said "Blizzard's systems are foolproof". How would you recommend a person prove that nothing is foolproof if the company hides all breaches?
Again, this is just an argument against a statement that is inherently wrong from the beginning and thus trivial to disprove. The author is right: no system is foolproof, even cryptographic systems that can be mathematically proven to be secure sometimes fail in practice, because of the physical implementation or human failure. But again, just an argument against "It's impossible that Blizzard is hacked." Still, Blizzard probably uses much more security measures than the typical WoW-Player, thus it is quite a bit more probable, that the player was hacked, not Blizzard. This is however downplayed by the author.


Originally Posted by Fenixhawk
4. Users and even a Blizzard employee said that they do not employ fraud specialists. So they linked a copy of the job posting and links to people who are still employed by Blizzard as internal affairs.

I'd say everything provided was pretty good (and publicly available) evidence!
And I thought employing fraud specialists to counter inside jobs would be a good thing. If they didn't hire such people, the argument would probably be: "Blizzard does not investigate internal security breaches at all!!! This means they don't care or even support them!!!11"

The point is, while the "evidence" was nice to read, it does only prove, that there is indeed the POSSIBILITY of security issues on Blizzard's side. As I understand, you are saying that revealing this possibility was the intention of the blog author.


Originally Posted by Fenixhawk
He was an IT Professional and is very uncertain now and fearful of what else could be on his PC.. all because everyone was telling him that his PC is infected.
I would, too. And not, because I think it is impossible to hack Blizzard. Being a professional does not make you immune to attacks. This is not irrational fear, he actually has a pretty good reason to think he overlooked something in his security measures. Maybe even his mail account could be compromised which can have much more serious implications than losing some WoW characters.

Originally Posted by Fenixhawk
Here is what was summarized in that article by the way: "I'm not saying that all of these account hacking incidents were as a result of internal theft, but at least be OPEN to the possibility that it's not always the user's fault."

It's not an attack on Blizzard, it's just trying to make people aware and to open their minds to possibilities.
This is a responsible way of interpreting this blog article. But I guarantee, that is not how most people read it and that is not surprising, because of the tabloid-nature of the whole article... "What Blizzard doesn't want you to know!" Really? Come on, even the title smells of "unveiled corporate conspiracy" and, more importantly, the author suggests that there IS a security breach AND that it is responsible for the suggested increase in account hacks. He does this by citing a short comment on reddit.com that supplies no sources at all. It's just a rumor.

And what will most people make out of that? "OMGWTF Blizzard was teh haxxored!!!! I knew it, it's their fault, not mine! I will not use an authenticator because Blizzard is hacked anyway and it will not help!" And I am not making this up, I heard this quite a lot in the last few months. (Only anecdotal evidence, I know). But this was the core of Bluspacecow's message and I still think there is a very big difference between what he is saying and what the blog is saying.
08-14-10, 02:56 AM   #65
Nefrirr
A Cyclonian
Join Date: Jul 2008
Posts: 44
Originally Posted by Fenixhawk
But more people who get hacked are very quick to believe in rumors that their PC is unsecured. And more people who see hacked accounts are very quick to spread theories that their PC is unsecured.


The most popular belief is a trojan. The article looked at everything from the other side of the coin.
I won't argue against that. And I would never talk down to someone who got hacked and imply he was doing something wrong, when I have no information about his security measures, at all. I just say that trojans, human failure (e.g. using same passwords and e-mail addresses elsewhere) and compromised mail accounts are more probable.

The article has a tenor I just do not like. It will probably influence those people who do not care enough about security anyway in a very bad way. In my experience, people will not take such articles with the grain of salt that is needed to get the big picture.

Originally Posted by Fenixhawk
Funny you mentioned that.. a Blizzard employee stated that the poster was a conspiracy nut because he was talking about some fabled "Fraud Manager" position.
I should clarify: I like satirical exaggeration and use it on a regular basis to get my point across. I'm not dismissing everyone who has a different point of view or a different opinion on the issue as a conspiracy theorist. But I still argue that the article that was quoted here lacks reliability.


Originally Posted by Fenixhawk
The thing is.. it was real. There's proof. Lots of it. Bluspacecow even knows that they have these positions in corporations.
What is real? If you think now that there actually WAS a security breach at Blizzard that supports my point. The only thing the article did at all was prove that the possibility exists and interpret (more or less loosely related) facts in a way that suggests that it is not only possible but really happened - without actually proving it.

EDIT: Sorry, I didn't realize there were two subsequent posts by you, Fenixhawk. Thought they were different authors. Judging from your first post, this is probably not what you think. At least I hope so. ;-)

Last edited by Nefrirr : 08-14-10 at 04:20 AM.
08-14-10, 03:34 AM   #66
Bluspacecow
Giver of walls of text :)
Join Date: Dec 2006
Posts: 770
Originally Posted by Fenixhawk
The problem they wrote was that too many people were blaming the user and that it's very rare when a user blames Blizzard. It's usually the other way around, and even Blizzard points their finger at the user.
Except of course where you have two legal documents every user signs leaving the security of their login information to themselves. Blizzard also have a privacy policy they adhere to - it's posted at that link above.

That and for every post I've seen in the CS forums where this was asked a Blue has come forward and said it was not on their side.

Now it comes back to do you trust the company you are handing your money to every month or don't you. Do you trust a Blue to tell the truth?

Their privacy policy lists a way of reporting it to the ESRB board. It strikes me that if there were "breaches" in Blizzard's security surely they would have been reported to the ESRB and hereby investigated by the ESRB?
Originally Posted by Fenixhawk
Here were the arguments:
1. There is no increase in hacking of WoW accounts - Google search trends showed that more people were having hack issues, increased forum activity, and Blizzard themselves confirmed that there was an increase.
I would just like to point out here that evidence of increased Google searches isn't really proof of an increase in hacking.

It's more of an increase of interest in hacking. The difference is very subtle but if you look at his search terms he used they were too broad to specifically catch only instances of people reporting they were hacked.
Originally Posted by Fenixhawk
2. Users said that "Blizzard is required by law to notify everyone of any such breach. Since there has been no notifications, no breaches have occurred." If you search the forums you can see that this is true, and he showed the data breach laws (but you skimmed over them) that confirmed they don't have to do anything.
No.

He said at the end they didn't exist. I've read posts in the CS forums from people involved in those sort of laws in CA and they've confirmed they do exist. These are lawyers or lawyers in training who have made posts about specifically which laws those are.

If you like I can confirm which laws in particular those are.
Originally Posted by Fenixhawk
3. Users said "Blizzard's systems are foolproof". How would you recommend a person prove that nothing is foolproof if the company hides all breaches?
Again it comes back to that whole trust issue. Like I've pointed out above Apple had 2 very large serious data breaches recently. They did not "sweep it around the rug". They came forward to confirm the breaches occurred and why.

You either trust a company. In which case no amount of contrary evidence is enough to convince you otherwise. Or you don't.

How would you prove it? Simple. An email from inside the company with email routing headers proving it came from inside Blizzard with names, addresses and credit card numbers of clients.

You can say it's a cover up but I prefer to come back to the first law of forensics: Everything leaves a trace. Everything. Search hard enough and you find it.
Originally Posted by Fenixhawk
4. Users and even a Blizzard employee said that they do not employ fraud specialists. So they linked a copy of the job posting and links to people who are still employed by Blizzard as internal affairs.
You're using the wrong word. Fraud specialists isn't the same thing as internal affairs. They may do the same sort of job but they are two separate sorts of roles.
Originally Posted by Fenixhawk
Those are the exact emotions of the OP of this thread! He was an IT Professional and is very uncertain now and fearful of what else could be on his PC.. all because everyone was telling him that his PC is infected.
Just because he's an IT professional does not excuse him for lapses in his own computer security.

He's only one guy while Blizzard employs entire teams responsible for keeping their computers secure. They even have their own NOC manned 24 hours a day against computer attacks.

Can the OP honestly say the same about his computer security?
Originally Posted by Fenixhawk
It's not an attack on Blizzard, it's just trying to make people aware and to open their minds to possibilities.
You say that now my friend but posting that link as you did really didn't help things at all.

When making the post you had a choice what text to have as the link. Instead of choosing something that was a little less sensationalist you chose a headline that would almost guarantee someone would start blaming it on Blizzard. Without ever checking their own computer security first.

Someone should start blaming hacked wow accounts on a one armed man >_>
__________________
tuba_man on Apple test labs : "I imagine a brushed-aluminum room with a floor made of keyboards, each one plugged into a different test box somewhere. Someone is tasked with tossing a box full of cats (all wearing turtlenecks) into this room. If none of the systems catch fire within 30 minutes, testing is complete. Someone else must remove the cats. All have iPods." (http://community.livejournal.com/tec...t/2018070.html)
08-14-10, 03:43 AM   #67
Bluspacecow
Giver of walls of text :)
Join Date: Dec 2006
Posts: 770
Originally Posted by Fenixhawk
But more people who get hacked are very quick to believe in rumors that their PC is unsecured. And more people who see hacked accounts are very quick to spread theories that their PC is unsecured.
And what if their PC were unsecured?

That's the danger with this whole "let's take no responsibility for own computer security and Blame Blizzard" bandwagon.

They then take no action to secure their PC, their email gets hacked, their bank accounts get hacked etc. etc. Things that have more far-reaching consequences than the login to a game.

I read all 7 parts and there were only 2 parts with actual evidence and the other 5 were rehashes of "they are wrong ... wrong .. WRONG!" with no evidence posted to support it.

The thing is.. it was real. There's proof. Lots of it. Bluspacecow even knows that they have these positions in corporations.

From the article: "It's typically a very small number of employees who engage in these types of activities."
It still is real. It's just that the job title is a slightly different thing.

IMHO the job listings were pulled because they had filled the positions.
08-14-10, 06:46 AM   #68
waeponx
A Kobold Labourer
Join Date: Jul 2009
Posts: 1
Very interesting, I myself have been playing since beta (vanilla) I have had 2 accounts total and never been hacked or banned. I have had an abundance of suspensions for Trolling / Harassment. But I have never had my account compromised.

Steps that I take in account security.

Password is always generated as an md5, never a keyword such generated. Just a random md5 string.

When Battle.net was released I immediately signed up for it.

Bought an authenticator on the day of release.

I have an anti-virus / firewall (Eset Smart Security) and various tools that were custom.

I change my password every 2-3 weeks.

I do a lot of the things you listed that you do not do. I have been involved in blackhat/whitehat projects since 1998. I check for hidden/modified files upon logging into my computer. I check all my logs and ports for unwanted packets being sent.

Lastly I think this is what really gets it for me is, I reformat on a regular basis. Once a month at least. Keeps my PC running smooth and clean 100% of the time, and pretty much ensures that I remain free of adware/spyware/viral programs.
08-14-10, 07:03 AM   #69
break19
A Flamescale Wyrmkin
Join Date: Dec 2006
Posts: 116
Well, I have been a victim myself, of being hacked, as well as my wife (twice for her).

She uses a Mac, always has. After the first time, she began using a Mac-only program called "Random PW Generator": you tell it the minimum and maximum length of the PW and click a button, and it gives a bunch of letters and numbers randomly.

She doesn't buy gold or anything of that nature, and neither do I. We have better things to spend our money on. (In fact, from time to time, we cancel our WoW account because we're gonna be short that month.)

I use a simpler method of generating passwords: I open Notepad, close my eyes, and type random keys. Then I take the first 16 characters of it and voila, that's my password.


To this day, neither one of us can figure out how we got hacked..

I wasn't even playing WoW when I was hacked. I was, however, playing the SC2 beta.. my WoW account had been unused for about a month at that point. I was given a free month to be able to log in to check equipment and stuff.. but I didn't really check everything, as my characters are very spread out.

TL;DR: I feel yer pain.
08-14-10, 07:04 AM   #70
ReverendD
A Rage Talon Dragon Guard
Join Date: Sep 2006
Posts: 343
Originally Posted by waeponx
Very interesting, I myself have been playing since beta (vanilla) I have had 2 accounts total and never been hacked or banned. I have had an abundance of suspensions for Trolling / Harassment. But I have never had my account compromised.

Steps that I take in account security.

Password is always generated as an md5, never a keyword such generated. Just a random md5 string.

When Battle.net was released I immediately signed up for it.

Bought an authenticator on the day of release.

I have an anti-virus / firewall (Eset Smart Security) and various tools that were custom.

I change my password every 2-3 weeks.

I do a lot of the things you listed that you do not do. I have been involved in blackhat/whitehat projects since 1998. I check for hidden/modified files upon logging into my computer. I check all my logs and ports for unwanted packets being sent.

Lastly I think this is what really gets it for me is, I reformat on a regular basis. Once a month at least. Keeps my PC running smooth and clean 100% of the time, and pretty much ensures that I remain free of adware/spyware/viral programs.
Just curious then, at what point do you use your PC for gaming, browsing, etc? Seems like you're too busy rebuilding, changing md5 hashes, checking logs, files, and ports.

I too used to do similar things, but it got to be too much of a hassle and never left much time for anything else. Now I just run basic AV, no firewall (hardware is good enough), strong password for each account that can have private information, and I pay attention to my PC and surfing habits. That's been enough to keep me clean.

I used to rebuild about once every 3 to 6 months, but since I started making a clone from a clean and updated install, I just restore that and start playing again. So much faster/easier.
__________________
"Computers have enabled people to make more mistakes faster than almost any invention in history, with the possible exception of tequila and hand guns" - Mitch Ratcliffe
“A computer once beat me at chess, but it was no match for me at kick boxing” - Emo Phillips
08-21-10, 07:31 AM   #71
Riddrick
A Cliff Giant
Join Date: Nov 2007
Posts: 72
Many tricks

And yes.. Beware of those retarded messages
sent from "Blizzard", they are just from
a bunch of mails from gold sellers
trying to get an easy buck!!!
Retarded.. I'm sorry, that was an insult
to the retarded.. I mean someone who was
an idiot and then get retarded.

I'm not going to send any links
...for your safety


2010-08-08
Link to this site and send info or your
account in 3 days or we have to freeze
your account.

2010-08-12
Hmm.. still playing

2010-08-15
Link to this site and send info or your
account in 3 days or we have to freeze
your account.

2010-08-21

Hmmm. yeah, whatever....

(That was the last one, I'm tired of this.
If that happens again I'm off.
I was better on my own!! Your move!!
This has nothing to do with the message above)
__________________
Don't drink and drive they say,
now I lost the counting for the
bad stuff that happened to me.
RUN when you see me because
I'm going to be soooo loaded!!!
If you don't knock on the doors,
don't expect a good welcome!
http://www.youtube.com/watch?v=ya2KR4VQwu4
Now the real killing begins!!

Warsong

Last edited by Riddrick : 08-21-10 at 07:41 AM.
08-21-10, 08:25 AM   #72
Bluspacecow
Giver of walls of text :)
Join Date: Dec 2006
Posts: 770
Originally Posted by Riddrick
And yes.. Beware of those retarded messages
sent from "Blizzard", they are just from
a bunch of mails from gold sellers
trying to get an easy buck!!!
The easiest way to check if these emails are kosher or not is simply to log in. First to game and then to battle.net. If you can log in then your account's obviously not frozen.

Also if you get the full headers and check certain key fields you can very quickly see it's not from Blizzard. For example the "Return-Path" field is often not faked. Some email clients will also fill in "X-Originating-IP" and "X-Originating Email" as well. Blizzard's email servers will be registered under Blizzard Entertainment when you do a whois search.
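The header check described in the post above, as an added example that is not part of the original thread: it parses a message with Python's standard `email` module and compares the `Return-Path` domain (and, going slightly beyond the post, the `Reply-To` domain) with the domain the sender is expected to use. The sample messages, the `.example` domains and the function names are constructed for illustration; the whois lookup the post mentions is left to the reader.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed messages for illustration; every domain and IP below is a
# reserved documentation value, not taken from a real e-mail.
SPOOFED = """\
Return-Path: <bounce@mailer.gold-seller.example>
Received: from mailer.gold-seller.example (mailer.gold-seller.example [203.0.113.45])
\tby mx.player-isp.example with ESMTP; Sun, 15 Aug 2010 10:02:11 +0000
From: "Account Team" <noreply@game-company.example>
Reply-To: verify@gold-seller.example
X-Originating-IP: [203.0.113.45]
To: player@player-isp.example
Subject: Your account will be frozen in 3 days

(constructed body)
"""

GENUINE = """\
Return-Path: <bounces@mail.game-company.example>
Received: from out1.mail.game-company.example (out1.mail.game-company.example [198.51.100.7])
\tby mx.player-isp.example with ESMTP; Sun, 15 Aug 2010 11:40:02 +0000
From: "Account Team" <noreply@game-company.example>
To: player@player-isp.example
Subject: Password changed

(constructed body)
"""


def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or None."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else None


def belongs_to(domain, expected):
    """True if domain is the expected domain or one of its subdomains."""
    return domain == expected or domain.endswith("." + expected)


def originating_ip(msg):
    """IP from X-Originating-IP (only some clients add it), else None."""
    raw = (msg.get("X-Originating-IP") or "").strip().strip("[]")
    try:
        return str(ipaddress.ip_address(raw))
    except ValueError:
        return None


def check_headers(raw_message, expected_domain):
    """Compare sender-related headers against the domain the mail claims."""
    msg = message_from_string(raw_message)
    findings = []

    # The visible From line is trivially forged, so a match here proves little.
    claimed = domain_of(msg.get("From"))
    if claimed is None or not belongs_to(claimed, expected_domain):
        findings.append("from-domain-unexpected")

    # Return-Path is added by the delivering server from the SMTP envelope
    # sender; the post notes it is often not faked.
    bounce = domain_of(msg.get("Return-Path"))
    if bounce is None:
        findings.append("return-path-missing")  # e.g. header stripped on export
    elif not belongs_to(bounce, expected_domain):
        findings.append("return-path-mismatch")

    # Replies routed to a different organisation than the claimed sender.
    reply_to = domain_of(msg.get("Reply-To"))
    if reply_to is not None and not belongs_to(reply_to, expected_domain):
        findings.append("reply-to-mismatch")

    return {
        "findings": findings,
        "return_path_domain": bounce,
        # Address to look up with whois, as the post suggests.
        "originating_ip": originating_ip(msg),
    }


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, check_headers(raw, "game-company.example"))
```

An empty findings list only means these headers are consistent with the expected domain; it does not by itself prove the message is authentic.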
08-21-10, 09:11 AM   #73
Riddrick
A Cliff Giant
Join Date: Nov 2007
Posts: 72
Too bored, too drunk...eeeee no I
can still stand on my feet.

Is there a Captain Riddrick in you..
drink responsibly.. at least don't get too drunk
there's no fun in it...
trust me i know (all the gap).

How's ever feel to listen to some music:

http://www.youtube.com/watch?v=0OP5E...eature=related

http://www.youtube.com/watch?v=uhGxgKP1dao

http://www.youtube.com/watch?v=UCmUhYSr-e4

And some ~ joke

This is my kids' clothes, Washi washi...
Looks good, smells good

This is my clothes, Washi washi...
Looks good, smells good

This is my wife's clothes, Washi washi...
Washi washi...
Washi washi...
Washi washi...
08-21-10, 12:23 PM   #74
MidgetMage55
Grinch!
Join Date: Feb 2007
Posts: 1,498
Originally Posted by Riddrick
Too bored, too drunk...eeeee no I
can still stand on my feet. ....


.... I have no idea the point you are trying to make with this that pertains to this thread.

On topic:

Not too long ago (little over a month) my wife had her account hacked. She had not been playing for well over 5 months. Unfortunately she was also the leader of our main guild and a smaller one for alts. Needless to say they got EVERYTHING, guild banks and all.

Immediately after which I changed everything that was possible for my account. Dedicated email, an even more complex password. All the usual suspects. She has followed suit after she regained control of her account.

In the end as stated several times, aside from the above measures just simple good sense about you as you roam the dark reaches of the web will be one of the greatest tools at your disposal. Good software defenses are a must I feel as well.

I always hear from customers at work "I don't need such and such" to which I reply "When you receive prompts from your computer do you read them or simply click ahead/enter your password?" which is followed by silence and a guilty look.

This is where a good sense about what you're doing on the web is the most important. Your defenses in terms of firewalls, anti-virus etc. are only going to take you so far. Make sure you read anything that pops up as a system prompt if you were not expecting it. If you are unsure what it does don't do anything and open a browser to look into it. Alternately if you're a smart phone user research is there.

Just use your head and don't be in such a rush to click that next button/enter a password to get to the end.
__________________

I think Hong Kong Phooey was a ninja AND a pirate. That was just too much awesome. - Yhor
08-22-10, 08:40 AM   #75
Tarrax Ironwolf
A Murloc Raider
Join Date: May 2007
Posts: 9
Back in June, my wife, my friend (part of our guild), and my own accounts were hacked at the same time. None of us share any account information with each other, none of us use any add-ons that aren't from WoWInterface, and we are very familiar with not opening any suspicious program/email/messages we receive in email or other online sites.

Each of our computers are stocked up with anti-virus, anti-spyware, and anti-malware programs (My wife and I alone each have 5 such programs running).

Once we found out that we were hacked we all ran a sweep of our computers and they all came up clean. Not a single mal/spyware installed. We contacted Blizzard and they asked if we checked our computers, and we told them we were clean. They asked what programs we had installed and I listed them off, and the support rep was quite surprised at our list (which was exactly what their list consisted of).

So we aren't exactly sure how they were able to access our accounts when none of us leaked any info out either voluntarily or through a hidden malicious program?
08-22-10, 11:15 AM   #76
Taryble
A Molten Giant
Join Date: Jan 2009
Posts: 811
Websites with flash ads, or a leak from Blizzard's end, in your case.

You heard me. Adobe Flash is a fairly hefty vector for mal issues nowadays, and it's pretty much non-scannable by anti-malware/antivirus programs. If you have websites with a flash advert up when you log into WoW, there's a possibility that your login/password can be nicked. They target these adverts at WoW-related sites - several months ago, one was found appearing on the wow.com blog site, wowhead, and several others.

I highly suggest running some form of no-ad plugin for your browser.
__________________
-- Taryble