While I do like the idea of authenticators, I think to say that you need one is a bit over the top. A clean computer, with a good strong password and common sense is safe enough.
Hacked again
- Thread starter No1newts
- Start date
While I do like the idea of authenticators, I think to say that you need one is a bit over the top. A clean computer, with a good strong password and common sense is safe enough.
Of course you dont need the authenticator as DAnDan says common sense and clean computer is all you really need.
Id maybe consider that your email account might have been the weak link that lead to your account being compromised. Either way I hope Bliz sort you out quickly and that these knobheads dont get your account back
.
Id maybe consider that your email account might have been the weak link that lead to your account being compromised. Either way I hope Bliz sort you out quickly and that these knobheads dont get your account back
.
Soldato
- Joined
- 16 Jan 2003
- Posts
- 10,856
- Location
- Nottingham
Just so you know copy and paste does nothing to protect you, it's trivial for a keylogger to read the contents of the clipboard. It's also possible that your email is also compromised and they are resetting your password and accessing your account that way. As said I'd format and reinstall to remove all doubt. Also I'd set up a new email account for your Battle.net on a known clean system.
Also if you're using firefox I'd take a visit here to make sure all your plugins are updated.
http://www.mozilla.com/en-US/plugincheck/
Also with you having access to the Cataclysm alpha(I think you do anyway) You should probably get access to your alpha account blocked temporally too considering it's covered by a NDA.
Also if you're using firefox I'd take a visit here to make sure all your plugins are updated.
http://www.mozilla.com/en-US/plugincheck/
Also with you having access to the Cataclysm alpha(I think you do anyway) You should probably get access to your alpha account blocked temporally too considering it's covered by a NDA.
Soldato
- Joined
- 11 Jul 2004
- Posts
- 16,147
- Location
- Neptune
In the OP you say you copy/paste your password? Do you mean you keep your password stored on your computer all the time?
Yeah in a document. Is that a no no as well?
Bloody keylogger scumbags. Going to follow that 6 step guide thing should be useful. Changed the pass on my e-mail as well
Never a good idea to keep your passwords on file on a computer, its the digital equivalent to having your bank card pin number written on a post-it note stuck to your card
I have a lot to learn
Deleted them and got rid of the post it off my bank card
Following the instructions off the forum guide which should hopefully help.
Nuking the computer too next week sometime.
Not sure if this has been posted before but there is quite an interesting blog post on the Symantec site about millions of hacked accounts being traced back to one source:
http://www.symantec.com/connect/blogs/44-million-stolen-gaming-credentials-uncovered
They seem to have removed some of the statistics they previously had in the post.
Shame but a vast majority were WoW accounts and then Aion second. A few others I can't remember now.
http://www.symantec.com/connect/blogs/44-million-stolen-gaming-credentials-uncovered
They seem to have removed some of the statistics they previously had in the post.
Shame but a vast majority were WoW accounts and then Aion second. A few others I can't remember now.
I got a password reset e-mail for my battlenet account the other day - except I hadnt reset it??? Could this be someone hacking my account? I did reset it a few weeks ago when I got the SC2 beta.
Have changed the password and added the free authenticator iphone app in the meantime.
Have changed the password and added the free authenticator iphone app in the meantime.
Most likely it was one of those fake emails (I get one every single day) designed to look like an official one so that you click on the link in the email which takes you to a dummy webpage address which then logs your account details so that they can swipe your account.
Yeah in a document. Is that a no no as well?
Just to make sure, in this text document you don't have something along the lines of:
wow username: lalala
wow password: lalala
And I hope you don't have some crap like Limewire installed where you share the content of all your music/videos/DOCUMENTS etc.
Soldato
- Joined
- 31 May 2009
- Posts
- 21,468
I believe when folks talk of secuirty by using a password file, they mean a file encrypted on a USB stick that you put into the machine prior to copypaste, rather than a desktop or documents based unencrypted file that doubtless has been given the name password file 
Did it ever occur to you that storing your password in a text file on your computer is the easiest way of being compromised? Or that when you paste your password in, it is left on the clipboard and that can easily be accessed by a hacker. Or that if someone was remotely connected to your PC via a trojan or something, that they could just grab the password by pasting it or copying the file that contains your password? Honestly, just because you copy / paste your password in doesn't mean it is anymore secure!
You need AV, you need anti-malware, and you need a good firewall, and then you need to get into a good routine with all of these programs so that you ensure that your PC is clean. Especially if you're visiting dodgy sites (and let's face it, if you're getting hacked so often, then you must be, mustn't you). Get yourself AVG Anti-Virus Free (http://free.avg.com), install that, update it everyday and then run a scan everyday for the next month until you're absolutely certain your PC is clean. Get Malwarebytes (http://www.malwarebytes.org) and do the same with that. Set up a schedule so that it runs a scan when your PC is idle (use Windows Task Scheduler to do this). Get Spybot S&D (http://www.safer-networking.org) to run alongside Malwarebytes, and set it up to run on idle as well. Make sure they both auto-update regularly too. Finally, get Comodo Firewall with Defense+ activated (http://www.comodo.com/home/download/download.php?prod=firewall). Install that, and train it for a few days. Don't just blindly answer "Yes" to all questions. Read through the text when it says it is blocking something, so that you can be sure that you definitely want it to run or be blocked. Google the process it blocks if you're unsure. Don't just let any old thing through otherwise you'll be compromised again.
All these programs are 100% free and tried-and-tested. a lot of us here use them (I use all of them in conjunction with one another) and I'm sure a lot of other IT professionals do as well. There's no need to fork out for paid-for protection. These packages work just as well, if not better, no matter what the blurb for other products might say.
Finally, stump up the cash for an Authenticator. It isn't a 100% secure system (you can still get hacked if the code is captured in time), but it comes pretty damn close and with you doing all of the above as well, I'd be very surprised if you ever get hacked again.
At the end of the day it is your own fault for getting hacked. So, accept that, and follow these tips so that you can ensure that it won't happen again.
No, it was identical to the e-mail I get when I do change my password - it also didnt have any links to login pages.