WoW Account Hacked While Inactive?!

[mad0maxx]

WoW Account Hacked While Inactive?! How the hell does this happen?

I had my WoW account inactive and then last night I tried to reactivate it and all my stuff has been changed around. Since my girlfriend still plays WoW she logged on the server where my character was and asked a person who was in the guild I was last in to see if my character is still in that guild and they said I was last online eight days ago and I know for a fact my account was not active by me eight days ago.

I never gave my password out to anyone and no one had my password to any of my e-mail's and I never had any problem with my account till I leave it inactive?! So how the hell did they get my password?

Has this happened to anyone else?

EDIT: I also have Kaspersky Internet Security Running on all my computers so it can not be a keylogger on my computer though I am pretty sure they are going to tell me that when I call the damn Billing Office today.

 

[Aikouka]

I think I heard someone mention once how Blizzard uses a good faith policy on credit cards and such so someone can give a fake card and they have 48 hours with it. I don't remember the specifics, but I believe someone was talking about that in the Lightning's Blade chat.

The hacker probably guessed your password and used that dupe to get in and change everything and have his way with your characters. It may simply be luck/generation or someone who knows you (online or offline) well enough to guess your passwords as I don't think WoW has any lockout mechanism.

Call up Blizzard and get your password reset. I doubt the person changed your e-mail address or anything, as that requires a call to Blizzard which requires them to identify you based on information that you provided during account registration.

 

[mad0maxx]

I do not think anyone could of just guessed my password because it is always alpha numeric such as (as098saf) and no consistancy in the password. My e-mail address was never changed but I think they changed my security question or my home phone number.

On hold with Blizzard billing right now.

 

[KeithTalent]

Seems like some funny stuff happens to WoW accounts every now and then. Take a look at this guy's thread: http://forums.anandtech.com/messageview...atid=38&threadid=1982314&enterthread=y

Guess I'll stick with LOTR for now.

Good luck!

KT

 

[Aikouka]

Originally posted by: KeithTalent
Seems like some funny stuff happens to WoW accounts every now and then. Take a look at this guy's thread: http://forums.anandtech.com/messageview...atid=38&threadid=1982314&enterthread=y

Guess I'll stick with LOTR for now.

Good luck!

KT

There's been a lot of speculation that it's hackers getting into WoW accounts, because Blizzard began banning a lot of the gold farmers and that shot the price of WoW gold up to exorbant amounts. So now, hackers literally get into your account, shard gear, sell gear, sell your entire bank and send your money off to be sold.

I guess the guy in that thread was used to exploit something by the person who hacked the account. Blizzard will ban for any hack found and they don't care who it is.

For example, a guy I know tested a method on a website for the chat disconnect hack in WoW. He then reported the website to Blizzard and guess what happened? His account was perma-banned for testing it once to make sure it was valid.

 

[BZeto]

Doesnt it show in your Account Management when the account was reactivated? If it in-fact was not activated 8 days ago then you should be even more concerned.

 

[Aikouka]

I'm not sure it will if the credit card was never truly accepted. Because then there's no real payment entry because you never paid.

 

[mad0maxx]

I canceled my account and it expired on 10/14/06 and I guess the hacker got into my account and possibly sold it to someone else because it was reactivated and charged to some unknown person's credit card as of 12/24/06 and Blizzard will not tell me who's credit card was on my account! When I was able to log back in it looked like someone played on my 60 Warlock but all my other characters were all stripped down! I also had a pet collection in the bank with almost every WoW pet you can get (non combat) and the hacker or the unauthorized user sold every single one of them! Blizzard can suck a nut for this crap... never have I ever had an account hacked into like this.

 

[BZeto]

I dont think all hope is lost. You should be able to complete a process where you fax them some personal information so that they can verify your identity. After this they should restore your characters/items. I know of several past guildies that have had to do this.

 

[mad0maxx]

Originally posted by: BZeto
Doesnt it show in your Account Management when the account was reactivated? If it in-fact was not activated 8 days ago then you should be even more concerned.

Yeah the account was not activated by me eight days ago from the date of Tuesday, January 2, 2006

 

[mad0maxx]

Originally posted by: BZeto
I dont think all hope is lost. You should be able to complete a process where you fax them some personal information so that they can verify your identity. After this they should restore your characters/items. I know of several past guildies that have had to do this.

I know that I can do this but the fact that remains is if Blizzard can not keep my log in creditionals safe so no one can hack into my account active or inactive how safe is it to say that Blizzard will not keep my credit card information safe?

 

[ViperXX]

This is what Blizzard needs to do to defeat the key logger hacks. You type in your password like you always do but now when you login there are over 100 pictures to chose from. You have to select the correct picture combination in order to complete the login process.

 

[mad0maxx]

I was not a victim of a keylogger because the only time I typed in my WoW password were at school on my own work computer and at my house on my computer... I think Blizzard has ****** security to allow people to hack other's accounts.

 

[crystal]

lol. One of my brother's account got hack into while it was inactive. He didn't know anything about it until he got an email from blizzard saying that his account got ban. Seem like they used the account to cheat and grief people with. When he tried to clear his name, blizzard make him jump through all the loops and he had to sign a notalize(?sp) down from the court or something like that. He said, f*ck that, no game is worth that much troubles. It was really too bad that we all (3 of us) decided to quit WOW at the same time and wait for the expansion. Otherwise we would notice right away if someone other than him playing one of his characters.

 

[mad0maxx]

I sent an e-mail to Fargo from Gamespy and he is interested in this issue... please get people who have had this problem to post here so I can reply back to Fargo... thanks ^_^

 

[Oakenfold]

I personally know someone this happened to, blizzard restored their gear however not the enchants (shards or whatever, not sure what it's called, just know he's an uber priest). Not sure if his account was active at the time.

 

[sekser]

this happened to my friend today... they deleted all his toons on every server

 

[Luthien]

Likely most people who got their WOW accounts hijacked were not brute forced hacked. I bet 99% of them were taken by one of four ways.

1. You told someone and you never ever ever ever tell anyone your password.
2. Someone you know knows you well enough that they guessed it.
3. You got what is called fishing emails that look perfectly legit and you clicked a link that you thought took you to your wow account and you signed in not realizing you just signed into a fake website that is spoofing WOW and thus gave your information away.
4. You got a key logger on your pc.

The last 1% probably just got very very unlucky or blizzard messed up or blizzard employee went rogue or who knows what... Yeah, it is disturbing thought that a blizzard employee would do such a thing but I believe this happens and has definately happened with Diablo II. The lure of selling gold on ebay for an extra 20 grand a year and probably 20 grand a month for some leet hackers is probably too much for some people to pass up...

 

[mad0maxx]

Originally posted by: Luthien
Likely most people who got their WOW accounts hijacked were not brute forced hacked. I bet 99% of them were taken by one of four ways.

1. You told someone and you never ever ever ever tell anyone your password.
2. Someone you know knows you well enough that they guessed it.
3. You got what is called fishing emails that look perfectly legit and you clicked a link that you thought took you to your wow account and you signed in not realizing you just signed into a fake website that is spoofing WOW and thus gave your information away.
4. You got a key logger on your pc.

The last 1% probably just got very very unlucky or blizzard messed up or blizzard employee went rogue or who knows what... Yeah, it is disturbing thought that a blizzard employee would do such a thing but I believe this happens and has definately happened with Diablo II. The lure of selling gold on ebay for an extra 20 grand a year and probably 20 grand a month for some leet hackers is probably too much for some people to pass up...

I can guarentee you that none of those are my reasons...

1) I never told my password to anyone...

2) Someone who knows me could not guess my password... one old password I had was this "a7gnkc97" so how the hell could anyone guess that? My new password that I currently use is also alphanumeric and not the same as the one I listed... the one I have listed I do not use anymore.

3) I never got an e-mail from Blizzard ever! So no phishing links here.

4) I have security software installed on all my computers and proactive defenses setup so no way in hell I got a keylogger...

 

[mechBgon]

4) I have security software installed on all my computers and proactive defenses setup so no way in hell I got a keylogger...

In point of fact, there's a time delay between the creation/distribution of malware and when your security software has signatures to detect it. Hopefully a keylogger would trigger the behavior-detection feature in Kaspersky AntiVirus, but the bad guys can be creative when it means making money, so never say never.

 

[mad0maxx]

Originally posted by: mechBgon

4) I have security software installed on all my computers and proactive defenses setup so no way in hell I got a keylogger...

In point of fact, there's a time delay between the creation/distribution of malware and when your security software has signatures to detect it. Hopefully a keylogger would trigger the behavior-detection feature in Kaspersky AntiVirus, but the bad guys can be creative when it means making money, so never say never.

You should try CyberHawk because it protects aganist zero-day threats such as brand new virus and keyloggers... I have that installed on all my computers as well

 

[mechBgon]

Originally posted by: mad0maxx

Originally posted by: mechBgon

4) I have security software installed on all my computers and proactive defenses setup so no way in hell I got a keylogger...

In point of fact, there's a time delay between the creation/distribution of malware and when your security software has signatures to detect it. Hopefully a keylogger would trigger the behavior-detection feature in Kaspersky AntiVirus, but the bad guys can be creative when it means making money, so never say never.

You should try CyberHawk because it protects aganist zero-day threats such as brand new virus and keyloggers... I have that installed on all my computers as well

I have an alternate solution: Limited account + disallowed SRP for daily-driver computer usage. If you like process control and happen to have XP Pro, this is worth a look. :thumbsup:

 

[Luthien]

Well, regardless of how it happened sorry for your loss man. I know you probably spent thousands of hours on your account working on your characters and blizzard just doesnt react appropriately when stuff like this happens. Another reason to sell off what you have left and leave the game. Blizzard will stall and delay and blame you. When people spend that much time on something and it gets stolen it is akin to having a years wages stolen. The game just isnt worth it. Read some of the topics here from people that quit WOW warning others to stay away.

 

[mad0maxx]

Originally posted by: mechBgon

Originally posted by: mad0maxx

Originally posted by: mechBgon

4) I have security software installed on all my computers and proactive defenses setup so no way in hell I got a keylogger...

In point of fact, there's a time delay between the creation/distribution of malware and when your security software has signatures to detect it. Hopefully a keylogger would trigger the behavior-detection feature in Kaspersky AntiVirus, but the bad guys can be creative when it means making money, so never say never.

You should try CyberHawk because it protects aganist zero-day threats such as brand new virus and keyloggers... I have that installed on all my computers as well

I have an alternate solution: Limited account + disallowed SRP for daily-driver computer usage. If you like process control and happen to have XP Pro, this is worth a look. :thumbsup:

Awesome! I might have to try this... thanks for the link

 

[mad0maxx]

Originally posted by: Luthien
Well, regardless of how it happened sorry for your loss man. I know you probably spent thousands of hours on your account working on your characters and blizzard just doesnt react appropriately when stuff like this happens. Another reason to sell off what you have left and leave the game. Blizzard will stall and delay and blame you. When people spend that much time on something and it gets stolen it is akin to having a years wages stolen. The game just isnt worth it. Read some of the topics here from people that quit WOW warning others to stay away.

I really could care less about my character and the items on him... I played the game had fun and I never spent as much time on there as you stated.

What bothers me so much is that my account got hacked so what is it to say that my credit card information on their server is safe considering my user name and password was hacked.

EDIT: Even though the account is inactive the credit card information still stays on the account for security purposes later...