Hacked

Elin

So today I was notified by some friends that I was logged into WoW, and what's more, I g-quit. Now, since I haven't played wow since the start of Fall semester I know I didn't do it. In fact, I am not subbed and I've never even merged a Battle.net account. I'm calling Blizzard to try to get my account back simply because it's mine and I've had it since 2005 or so.

My question is, how the hell? I haven't logged into WoW or the Blizzard web page since August. I don't have WoW or WoW mods on my main computer. I use Kaspersky Internet security with a firewall. In addition to that I run Malware Bytes once a week as well. Hell, I changed my WoW password before I quit. I have no clue how this happened and if I have a security hole I'd like to find it before it's my bank account breached.

Namel3ss

See if you can log into your WoW account. I suspect your friends are full of shit.

illig

you could've been using a weak password

the majority of "hacks" out there are not some ultra complicated worm that steals the secrets directly from your hard drive, but a simple attempt... they get an email of someone who has an account, and try that email with "password", "god", "12345", etc... there's a list of about 5000 commonly used passwords out there, and it's a simple enough tasks to try them

Elin

Namel3ss wrote: »

See if you can log into your WoW account. I suspect your friends are full of shit.

I can't log in. I was independently notified by 3 different people so I'm assuming it actually happened.

Elin

illig wrote: »

you could've been using a weak password

the majority of "hacks" out there are not some ultra complicated worm that steals the secrets directly from your hard drive, but a simple attempt... they get an email of someone who has an account, and try that email with "password", "god", "12345", etc... there's a list of about 5000 commonly used passwords out there, and it's a simple enough tasks to try them

Honestly, I forget what password I used but I commonly use at least one capitol and one number in my passwords. I could have not done that this time I guess.

badpoet

Go to the main wow website and login. If you can't, then go to the part where it says to recover your password and make a new one. In all likelihood, you're stuff is gone.

You don't have to be subscribed to change your password or recover your account.

Edit: If they've changed the email, then send an email to Blizzard about it from your previous email.

http://wowvault.ign.com/View.php?view=Guides.Detail&id=276

Namel3ss

Elin wrote: »

Namel3ss wrote: »

See if you can log into your WoW account. I suspect your friends are full of shit.

I can't log in. I was independently notified by 3 different people so I'm assuming it actually happened.

Elin wrote: »

Honestly, I forget what password I used but I commonly use at least one capitol and one number in my passwords. I could have not done that this time I guess.

Do you know what email address you used for your account to have the password reset?

Elin

badpoet wrote: »

Go to the main wow website and login. If you can't, then go to the part where it says to recover your password and make a new one. In all likelihood, you're stuff is gone.

You don't have to be subscribed to change your password or recover your account.

Edit: If they've changed the email, then send an email to Blizzard about it from your previous email.

http://wowvault.ign.com/View.php?view=Guides.Detail&id=276

Whoever hacked me merged my account with their battlenet account. This is unreal. Heh.

Pellaeon

Elin wrote: »

badpoet wrote: »

Go to the main wow website and login. If you can't, then go to the part where it says to recover your password and make a new one. In all likelihood, you're stuff is gone.

You don't have to be subscribed to change your password or recover your account.

Edit: If they've changed the email, then send an email to Blizzard about it from your previous email.

http://wowvault.ign.com/View.php?view=Guides.Detail&id=276

Whoever hacked me merged my account with their battlenet account. This is unreal. Heh.

This happened to me last week, haven't played since august, friend let's me know I am on at 2 am (let's me know at 2am....gee thanks?). The account had been merged with a battle.net account with another email so I couldn't password recover.

The phone wait was estimated at 35-40 minutes, fuck waiting that long for a game I don't even play right now, so I just went through the website, filled out their nice little form, they'll send back an auto reply that it is being investigated and please secure your shit and create battle.net account of your own so they can merge your wow to your battle.net (can't be restored to an unmerged status). Took like 12 hours total from initiation to resolved, and I got a 7 day credit to play (which I used all of 5 minutes of to see where my charatcer was). YMMV

Elin

Pellaeon wrote: »

Elin wrote: »

badpoet wrote: »

Go to the main wow website and login. If you can't, then go to the part where it says to recover your password and make a new one. In all likelihood, you're stuff is gone.

You don't have to be subscribed to change your password or recover your account.

Edit: If they've changed the email, then send an email to Blizzard about it from your previous email.

http://wowvault.ign.com/View.php?view=Guides.Detail&id=276

Whoever hacked me merged my account with their battlenet account. This is unreal. Heh.

This happened to me last week, haven't played since august, friend let's me know I am on at 2 am (let's me know at 2am....gee thanks?). The account had been merged with a battle.net account with another email so I couldn't password recover.

The phone wait was estimated at 35-40 minutes, fuck waiting that long for a game I don't even play right now, so I just went through the website, filled out their nice little form, they'll send back an auto reply that it is being investigated and please secure your shit and create battle.net account of your own so they can merge your wow to your battle.net (can't be restored to an unmerged status). Took like 12 hours total from initiation to resolved, and I got a 7 day credit to play (which I used all of 5 minutes of to see where my charatcer was). YMMV

Well, I waited the hour to talk to someone as I just threw it on speaker phone and surfed aimlessly online like I had been doing anyhow. I got my account back and I'll restore my shit on general principles. My classes are a little too demanding right now to play much of anything, but the account is mine and I'm not letting some silly goose deprive me of it.

I'm still at a loss as to how it happened though, seriously stumped.

Nobody

Elin wrote: »

Pellaeon wrote: »

Elin wrote: »

badpoet wrote: »

Go to the main wow website and login. If you can't, then go to the part where it says to recover your password and make a new one. In all likelihood, you're stuff is gone.

You don't have to be subscribed to change your password or recover your account.

Edit: If they've changed the email, then send an email to Blizzard about it from your previous email.

http://wowvault.ign.com/View.php?view=Guides.Detail&id=276

Whoever hacked me merged my account with their battlenet account. This is unreal. Heh.

This happened to me last week, haven't played since august, friend let's me know I am on at 2 am (let's me know at 2am....gee thanks?). The account had been merged with a battle.net account with another email so I couldn't password recover.

The phone wait was estimated at 35-40 minutes, fuck waiting that long for a game I don't even play right now, so I just went through the website, filled out their nice little form, they'll send back an auto reply that it is being investigated and please secure your shit and create battle.net account of your own so they can merge your wow to your battle.net (can't be restored to an unmerged status). Took like 12 hours total from initiation to resolved, and I got a 7 day credit to play (which I used all of 5 minutes of to see where my charatcer was). YMMV

Well, I waited the hour to talk to someone as I just threw it on speaker phone and surfed aimlessly online like I had been doing anyhow. I got my account back and I'll restore my shit on general principles. My classes are a little too demanding right now to play much of anything, but the account is mine and I'm not letting some silly goose deprive me of it.

I'm still at a loss as to how it happened though, seriously stumped.

Is it possible that your email was hacked, and there was an email in a saved folder with your WoW account name?

Had you logged in with your WoW account on other PCs (such as a lab, or at work) that might not be as secure as yours is? Remember, it doesn't have to be WoW itself you are logging into. The WoW forums and armory require you to log in with your account to post (forums), or set things up (armory).

Jaded

Elin wrote: »

illig wrote: »

you could've been using a weak password

the majority of "hacks" out there are not some ultra complicated worm that steals the secrets directly from your hard drive, but a simple attempt... they get an email of someone who has an account, and try that email with "password", "god", "12345", etc... there's a list of about 5000 commonly used passwords out there, and it's a simple enough tasks to try them

Honestly, I forget what password I used but I commonly use at least one capitol and one number in my passwords. I could have not done that this time I guess.

Pro-tip: WoW passwords are not case sensative.

EclecticGroove

Did you recently fill out something from an e-mail stating you to verify/check your account. or did you perhaps do that sometime in the past?

This is a big issue with a number of games right now where companies are phishing accounts, stripping them of all transferable assets and money, and then sometimes even going so far as setting that account up to bot/farm more stuff until it gets banned or recovered.

For them it's cheaper to re-activate someone's dormant account, strip it, and then use it as long as they can rather than buy/activate a whole new account.

And considering how many people fall for the phishing e-mails they send out, it will continue to be profitable for quite some time.

Elin

I hadn't touched anything WoW related since August. When I quit I tend to not look at anything. I keep in touch with my friends, but that's it. I didn't even know that you had to have a Battle.net account to log on. My email wasn't hacked and I'd think if they got my email they would have gone for the bank account rather than the WoW account. I don't write down passwords either. It may remain a mystery I guess, just makes me more paranoid than normal.

Lykouragh

Sounds like a keylogger to me- I got keylogged for my WoW account in the recent past, and AVG/Malware Bytes both missed the keylogger.

Elin

Lykouragh wrote: »

Sounds like a keylogger to me- I got keylogged for my WoW account in the recent past, and AVG/Malware Bytes both missed the keylogger.

I'm currently reformatting. Funny thing, 2 weeks ago-ish I downloaded a trail for a game from Steam and Kaspersky said it was a keylogger. Now, I didn't log onto anything WoW related after that but now I'm wondering if it was real instead of a false positive.

I'm reformatting the gaming-top right now, my little Asus is standing in for its big brother.

DragonPup

Get a blizzard authenticator. It's $7 with free shipping and stops your account from being hacked.

Elin

DragonPup wrote: »

Get a blizzard authenticator. It's $7 with free shipping and stops your account from being hacked.

The thing is, I don't care about the WoW account being hacked. It's digital nothing, I only restored it because I'm stubborn. I care about how, like keyloggers (all the way from August seems unlikely) or if they just brute forced un-merged accounts because they figured no one would notice.

I nuked my laptop from orbit so hopefully if there was anything there, it's gone now.

Kotenk

You'd be surprised how long they can hold onto account information. It isn't like "I clicked a keylogger and my hard drive is melting as I close the browser!".

Also, read this as it's pretty much the best up to date info you can get (including finding any security holes, even if you're not interested in the account):
http://forums.worldofwarcraft.com/thread.html?topicId=14318909866&sid=1

Avicus

I got mysteriously 'hacked' a couple of weeks ago.

My theory to what happened to me is that I signed up for a forum/website/anything that wasn't completely secure and a silly goose webmaster sold everything to someone. They then had my password to that site which was the same as the password to my wow account. That is the only thing that could have possibly happened.

I check my processes at startup, don't open stuff retardly, don't visit sites through emails etc.

Hamster_style

When I did my tour of duty with WoW, I got hacked because I was on a library computer which had a website open which had an ad which had an embedded keylogger. The things can actually be pretty insidious. So, it got the log when I opened the WoW forums on this computer.

The thing is, the website was legit, and the ad company was legit, but the banner itself was written by someone malicious.

The way I make passwords, now, is by taking a 10 word phrase that I'll remember, and then doing something like taking each first letter and replacing them with numbers(or the special symbols corresponding to those numbers, think & for 7 for t) and randomly capitalizing, or maybe a bunch of first letters then a smaller word. You can make super strong, easy to remember passwords that way.

Siska

My hubbys WoW account was hacked 2 weeks ago. In his case it was probably due to a very simple password, in combination with this new brilliant idea of having our e-mails as our logins. Like you, he reclaimed his account just out of stubborness. He doesn't play WoW more than 1 or 2 months per year.

On a possible happy note, one of his friends says that he saw my hubbys characters online in the new zones. So it looks like the hackers bought the expansion for him. Check and see if you got a free one too if you don't already own it.

Avicus

Hamster_style wrote: »

When I did my tour of duty with WoW, I got hacked because I was on a library computer which had a website open which had an ad which had an embedded keylogger. The things can actually be pretty insidious. So, it got the log when I opened the WoW forums on this computer.

The thing is, the website was legit, and the ad company was legit, but the banner itself was written by someone malicious.

The way I make passwords, now, is by taking a 10 word phrase that I'll remember, and then doing something like taking each first letter and replacing them with numbers(or the special symbols corresponding to those numbers, think & for 7 for t) and randomly capitalizing, or maybe a bunch of first letters then a smaller word. You can make super strong, easy to remember passwords that way.

WoW passwords aren't case sensitive.

SkyCaptain

Siska wrote: »

My hubbys WoW account was hacked 2 weeks ago. In his case it was probably due to a very simple password, in combination with this new brilliant idea of having our e-mails as our logins. Like you, he reclaimed his account just out of stubborness. He doesn't play WoW more than 1 or 2 months per year.

Yeah, I really don't like the email login either. I'm going to create an obscure email to use for my WoW account and that's all it will ever be used for.

On a possible happy note, one of his friends says that he saw my hubbys characters online in the new zones. So it looks like the hackers bought the expansion for him. Check and see if you got a free one too if you don't already own it.

Hahah, that's hilarious. I'm surprised they didn't take access away. Then again, it was probably paid for by the hacker. So it's still money in Blizzard's pocket.

Lykouragh

When my wife's account was compromised, they paid to transfer 2 of her characters.... with a stolen credit card number.

Turns out keyloggers are for more than just WOW accounts!