Disabled WoW account hacked (again!)?

Matmulder

Matmulder

Matmulder

Soldato
Joined
21 May 2004
Posts
2,616
Location
South Staffs
I haven't played WoW for two years. Never tried to logon, except for when I converted all my accounts to Battle.net about 18months back, or whenever it was they merged WoW/Battle.net

About 9 months back, my account, which had been inactive for about 12 months, was hacked, fleeced of all accounts/items. I got it back (just in case I was planning to return) but needed to pay to reactivate my account so a GM could return my items. I didn't bother, so they're all nekkid.

No idea how they managed to do this, couldn't be a keylogger as I'd never attempted a login in a LONG time, and they couldn't guess it as it was some bizarre combination of various numbers and characters unique to the account.

Anyway, this week it happened AGAIN. Account was activated (!?) with a 10 day trial, abused before being locked by Blizzard. I've just recovered it once more. As its a Battle.net account and I'm foaming at the mouth in anticipation of D3, I want to keep this account under control and active.

I don't understand how the chuff this keeps happening? Is it just me??

Blizzard tell me it a Trojan/logger - not possible. I need to type the password in for it to be logged, and I never do. That, and I doubt they'd wait nearly a year. Not to mention my computer is regularly scanned for AV/Spyware and I'm pretty damn careful about what I click on, or open. Working in IT I like to think I'm pretty clued up on scam emails and dodgy sites.

Its a minor rant on my part, I guess the only thing to do is set the Authenticator up on my phone, I'm just confused as to how they manage this, and a little bit disturbed that they know the answer to my security questions (I've seen the "Your password has been reset" emails sent through, although ignored most as I considered them scams).

I could understand on an active account, when I type the password in all the time...but on inactive accounts?? Is it just me having this problem?
 
In situations like this I nearly always suspect either a leak within the company mentioned or incredibly lax security around the company in question. Yet the company in question will never, EVER admit to any of this, hence it's always your fault, without exception.
 
if there's leaks in the company that has your card details why steal the account when they can steal your money?
 
I played WoW for just 2 months years ago and never touched it again. A few weeks ago my WoW account got added to someone called Richard's battle account, and I was o.O WTH?????

I had to make sure it wasnt a phishing scam first, and nope, it was an Email from the real Blizzard battle account people, letting me know that my copy of WoW I have bound to my Email address was now on Richards battle account.

I emailed them a photo of my driving license and my WoW key and asked them what was going on. They deactivated my battlenet account for security and I had to reset my password. I did that and got back into my account, and I have my copies of Diablo II and WoW on there as they should be?

I really dont believe that I was hacked, I believe that Blizzard messed up with the battle account / adding games stuff with mine and someone elses accounts.
 
The user accounts database must have been compromised.

Tefal said:
if there's leaks in the company that has your card details why steal the account when they can steal your money?
Click to expand...

Companies don't typically store card details, they use a payment processor.
 
Last edited:
Yup, I had this happen only the other day, I randomly play WoW for a short period of time every couple years, last time was probably, no real clue, around a year ago, I think I played for a couple months end of, 2009 now.

Current computer has never logged on to battlenet, at any time, I reinstalled ages and ages ago and another time or two inbetween with new hardware.

Its 100% certainly NOT a trojan/keylogger or anything my end, though I was put off trying to log into battlenet to check the status of my WoW accounts incase it was but the whole thing just made no sense at all.

Its clearly a case of, massive massive security flaw and someone managed to get access to their servers and get data off it, or someone that works for them with access is stealing data, I'm not sure which is worse, someone internal could do so much damage and potentially steal CC info, someone external means a massive security risk and again could mean other more dangerous info getting out.

As the OP, I just can't see any situation at all in which someone could have randomly guessed a random password and logged in.

The absolute cynic in me wonders if its not a trick to get you to log in and check your precious characters, and once you have you've paid for another month hoping the bug to play comes back :p

Do'h, I was going to ignore it completely as I really didn't care much about it at all, its just occured to me Starcraft 2 is on there, so I have logged in to battlenet(you had to log in to play didn't you, or maybe you didn't I can't remember). I basically played single player over a couple weeks, got bored, haven't installed/played it since so thats still on my previous computer and 6 months ago or so.
 
It makes sense to use an Authenticator nowdays, esepcially as it's your battlenet account rather than just wow. With D3 coming.

You can get the Authenticators for free for mobiles and ipods or buy one for up to a tenner. Well worth it.
 
Faztastic said:
i personaly think blizzard do this themselves to make you buy an authenticater
Click to expand...

Mobile / Ipod authenticators are free. Not to mention the fact that they have to put work into getting your stuff back, investigating it etc so i hardly think its them doing it. If they wanted more money they could just put up another mount for £20 or something which a lot of people would buy, because its limited edition.
 
Similar issues for me as well.
When the Battle.net thing came out, i gave no thought.
Roll on 5 months and i decide to pair my WoW account, just incase i ever play again (fat chance but still) and find its paired to someone else Battle.net account.

Reclaim it, pair it to my own.
Since then my Battle.net account has been compromised about 4 times, and my WoW account has been unpaired and paired back to another account yet again.

So i give up, ill be making a new account for D3.

Never been on dodgy sites, and besides i hadn't logged in for god knows how long either for a keylogger to work.
 
Alpherah said:
Similar issues for me as well.
When the Battle.net thing came out, i gave no thought.
Roll on 5 months and i decide to pair my WoW account, just incase i ever play again (fat chance but still) and find its paired to someone else Battle.net account.

Reclaim it, pair it to my own.
Since then my Battle.net account has been compromised about 4 times, and my WoW account has been unpaired and paired back to another account yet again.

So i give up, ill be making a new account for D3.

Never been on dodgy sites, and besides i hadn't logged in for god knows how long either for a keylogger to work.
Click to expand...

This is all happening with an authenticator?
 
Tefal said:
if there's leaks in the company that has your card details why steal the account when they can steal your money?
Click to expand...

possibly those details are more closely guarded? or possibly the bank / card database is heavily seeded / monitored....

I also know several poeple who had hacked account but had nothing odd on their PC..
 
Puppetmaster said:
This is all happening with an authenticator?
Click to expand...

The Authenticators were worked out months ago I am sure, they were posts about it on the usual gaming forums.

I got a text last year from a friend to ask if I was playing WoW again as they saw my character floating about. Took days to get through to Blizzard that it wasn't me, got the account back etc, then bought an Authenticator, merged the WoW/Battlenet accounts and tied it down with a new password, email address and Authenticator. Never touched the system again, 4 months later once again my wow account is in use and not linked to my account this is with the Authenticator attached to the account. All I got from Blizzard was that it was impossible for that to happen and I must have given my Authenticator to someone else.

When SC2 landed, I made another account with a different authenticator to hopefully stop the account getting taken again. Not a problem as yet but the WoW one which hasn't been used or touched in over 3 years is constantly getting reactivated and it's certainly not me doing it. I even asked Blizzard to completely delete the WoW account as I had no intention of ever going back to it and they refused to do that either, even after scanning the driving licence etc and the other bull security hoops they make you jump through.
 
I suspect it mostly comes from people who use the same email / password for a forum/site and wow as these are compromised all the time. While i realise a lot of good sites use hashing and salt, some very big ones obviously don't like gawker admitted etc etc...
 
Myshra said:
I suspect it mostly comes from people who use the same email / password for a forum/site and wow as these are compromised all the time. While i realise a lot of good sites use hashing and salt, some very big ones obviously don't like gawker admitted etc etc...
Click to expand...

In the majority, most likely, but my battlenet account has a different email address and password to everything else I use. Just as the forum logins and passwords are different from my email and banking etc.
 
Myshra said:
I suspect it mostly comes from people who use the same email / password for a forum/site and wow as these are compromised all the time. While i realise a lot of good sites use hashing and salt, some very big ones obviously don't like gawker admitted etc etc...
Click to expand...

My passwords / login details are different for gaming (Xbl, Steam) and forums.
So cant be that



Grey M@a said:
The Authenticators were worked out months ago I am sure, they were posts about it on the usual gaming forums.

I got a text last year from a friend to ask if I was playing WoW again as they saw my character floating about. Took days to get through to Blizzard that it wasn't me, got the account back etc, then bought an Authenticator, merged the WoW/Battlenet accounts and tied it down with a new password, email address and Authenticator. Never touched the system again, 4 months later once again my wow account is in use and not linked to my account this is with the Authenticator attached to the account. All I got from Blizzard was that it was impossible for that to happen and I must have given my Authenticator to someone else.

When SC2 landed, I made another account with a different authenticator to hopefully stop the account getting taken again. Not a problem as yet but the WoW one which hasn't been used or touched in over 3 years is constantly getting reactivated and it's certainly not me doing it. I even asked Blizzard to completely delete the WoW account as I had no intention of ever going back to it and they refused to do that either, even after scanning the driving licence etc and the other bull security hoops they make you jump through.
Click to expand...

This was what i was trying to say earlier in the thread happened to me, exactly the same.
 
Same happened to me, made an ebay account to buy a cheap mower, never used it again until 18 months down the line I started getting emails about auctions and so on.

My email hadn't been compromised, just my ebay account. Ebay spotted the obvious dodgy auctions and killed the account, I couldn't be bothered to jump through their hoops to re-activate an account I didn't use so left it.

I blame indian / albanian call centres tbh. Could be they look for old in-active accounts thinking the owners won't notice their activity.
 
Telescopi said:
I blame indian / albanian call centres tbh. Could be they look for old in-active accounts thinking the owners won't notice their activity.
Click to expand...

I think thats the key - inactive accounts are the best targets.

I just refuse to believe its keyloggers/trojans (although I understand in a lot of cases it can be). Which only really leaves internal leaks, and on a game with the scope of WoW and the many, many support staff across the world, I guess its not suprising.

TBH I don't care about WoW, but all this worries me for D3! :p
 
You must log in or register to reply here.
Back
Top Bottom