So... account hacked?

#1 Edited by cgoodno (166 posts) -

Looks like it based on the two e-mails I got today (yes, they're official and not phishes, and I've confirmed by trying to log into my account, which is now suspended).
 
Anyone else been hacked and how did it happen?  I'm thoroughly confused since:

  1. I use Firefox + NoScript + ABP
  2. I use LastPass for site logins
  3. I've never visited a gold selling site
  4. I always have BitDefender up and running
 
Currently scanning using SpyBot S&D to see if there's anything, but it's very unlikely.  I'm sure I'll hear back from Blizzard in the next week on my account, hope I don't have to start all over again *sighs*.  Hell, I might as well just screw it if I do.
 
Quick Update: SpyBot found nada.  Yay.
#2 Posted by DeeGee (2121 posts) -

They guessed your password.

#3 Posted by FritzDude (2262 posts) -
@DeeGee said:
"They guessed your password."

This seems logical.
#4 Posted by Helushune (215 posts) -

Is it linked to your facebook account?  That's an incredibly easy way to get your password and account info.

#5 Posted by cgoodno (166 posts) -

Ah, yes, ever so helpful!  They must have guessed my e-mail address as well, which is saved in my login profile ... *sighs*
 
Anyone of help or just jokers?

#6 Posted by DeeGee (2121 posts) -

There are plenty of ways to find out your email address.

#7 Edited by TheMustacheHero (6655 posts) -

My account has been hacked twice- Then I grew a brain and downloaded the Authenticator app on my iPod, haven't had any problems since.
 
You should do the same...if you've got an iPod touch.

#8 Edited by cgoodno (166 posts) -
@DeeGee said:
" There are plenty of ways to find out your email address. "

And how would they know to find out my e-mail address specifically?  I'd need to have downloaded one of their keyloggers or similar... which I'm completely free of after scanning with BitDefender, AVG, and SpyBot.
 
@Helushune said:

" Is it linked to your facebook account?  That's an incredibly easy way to get your password and account info. "

Absolutely not.  
 
@TheMustacheHero said:

" My account has been hacked twice- Then I grew a brain and downloaded the Authenticator app on my iPod, haven't had any problems since.  You should do the same...if you've got an iPod touch. "


I'll have to do this.  I've been searching on this and no one seems to know much on anything tangible other than the typical "visited a gold selling site", "learn to use firefox", "stop watching p0rn", etc.
 
Thanks for a helpful response.
#9 Posted by Skytylz (4031 posts) -

I would probably have heart failure if I played WoW and I got hacked.  That sucks dude, hope you get it figured out.

#10 Posted by Helushune (215 posts) -
@cgoodno: Heh, you never know.  I watched three friends of mine foolishly link their accounts and all get hacked within the week. 
 
But yeah, grab the blizzard authenticator for your smartphone/iDevice.  Doesn't make it hack-proof but it's better than nothing.  They also offer a phone-in service that supposedly tracks what IP you normally log in from and if it detects anything out of the ordinary it requires you to call a number and enter a pin from a phone that you setup.
#11 Posted by Crixaliz (782 posts) -

I got the same email and my account is also frozen. I logged on and all my characters were still there (couldn't see the gear since they are inactive).
Just attach the Authenticator, i just did that myself. 
Do you by any chance have an account on some WoW related website?

#12 Posted by GanglyMonster (41 posts) -

owned

#13 Posted by cgoodno (166 posts) -
@Crixaliz said:
" I got the same email and my account is also frozen. I logged on and all my characters were still there (couldn't see the gear since they are inactive). Just attach the Authenticator, i just did that myself.  Do you by any chance have an account on some WoW related website? "
Nah.  Just here and N4G, and they use different credentials.
#14 Posted by Levio (1784 posts) -

Blizzard is probably fake-hacking accounts to push the sales of authenticators.
 
Remember, Bobby is in charge now.

#15 Posted by EpicSteve (6483 posts) -

It happens a lot in WoW now. Most serious players have some sort of protection, like having two passwords.

#16 Posted by cgoodno (166 posts) -
@Levio said:
" Blizzard is probably fake-hacking accounts to push the sales of authenticators.  Remember, Bobby is in charge now. "
The one for the iPhone is free, though...
#17 Posted by Shirogane (3569 posts) -

Yeah, my account got hacked sometime mid last year, while i didn't have an active sub. They actually referred themselves and got me a sub month, then did weird stuff with my account which got it banned, which got me a message from Blizzard, which is how i knew. No idea how they got my account info though, i hadn't logged on for ages, didn't even have WoW installed.
#18 Posted by Gilbert64 (61 posts) -

 It's always the same reasons
 In the order of likeliness
1. you shared your account info (friends,leveling service etc.)
2. you used the same password for multiple sites
3. you got drive by malware on some shady website/download
or something people talk about all the time but never happens, some super hacker hacked blizzard, they guessed your password (or i hope your password wasn't 1234) or they are trying to sell authenticators (strange since the app is free)
 
in your case I would guess (assuming you're not stupid and did 1.) your LastPass database that got compromised since it's a fairly fat target.  (i.e. nr. 2)
 
You should never store your password in digital format if it's something you really care about.
Easiest thing is just to write it down on a piece of paper, unless physical security is an issue.

#19 Posted by cgoodno (166 posts) -
@Gilbert64 said:
"  It's always the same reasons  In the order of likeliness 1. you shared your account info (friends,leveling service etc.) 2. you used the same password for multiple sites 3. you got drive by malware on some shady website/download or something people talk about all the time but never happens, some super hacker hacked blizzard, they guessed your password (or i hope your password wasn't 1234) or they are trying to sell authenticators (strange since the app is free)   in your case I would guess (assuming you're not stupid and did 1.) your LastPass database that got compromised since it's a fairly fat target.  (i.e. nr. 2)   You should never store your password in digital format if it's something you really care about. Easiest thing is just to write it down on a piece of paper, unless physical security is an issue. "
Actually, LastPass is better than re-entering a password and login credentials you use often.  It's encrypted and easily deleted from a computer and can't be tracked by malware.  It doesn't solve any issues with there being vulnerabilities on sites that may have issues in sending username and password data to and from the server in an unsafe manner.  As for my case, my password isn't the same as any others that I use.
#20 Posted by TooWalrus (13169 posts) -

My roommate was hacked too, and was just as careful as you. He refused to use an authenticator. First, you're going to have to get everything straight, open tickets, get all your shit back in the in-game mail- it'll probably take a week. Then, you should follow the advice I gave him before he even started playing- Get an authenticator, dumbass.

#21 Posted by ImpendingFoil (555 posts) -

This just happened to me last week.  I emailed Blizzard and they sent me some kind of appeal form I need to fill out.  I have not touched WoW in years but I do enjoy Starcraft II from time to time.  I should probably be filling the form out soon.

#22 Posted by Bloodgraiv3 (2712 posts) -

Be smarter with your info next time, and don't link it to fb >>
#23 Posted by Marz (5648 posts) -

I sleep better at night knowing i have one of these.

#24 Posted by CL60 (16906 posts) -
@Marz said:
" I sleep better at night knowing i have one of these. "
Me too...me too..
#25 Posted by ZimboDK (848 posts) -

weee, I just got hacked too.
 
So, my account was created back when I didn't really have any password policies. Oh, and so was my gmail account. Got an email from Blizzard: Blah blah, account locked. Sure enough, I can't login. Just in case, I look in my deleted mail folder. Empty. Spam folder: 2 password reset mails from Blizzard. Well, fuck. They accessed my gmail account. I looked in access details and sure enough, an IP from China and one from Korea. Sign out all sessions, change password. I have separate accounts for all my Blizzard games, so I only have WoW on that account, no big deal.
 
My password was a random combo of different letters, so there's no way they could've just guessed it out of the blue.
 
There are basically 4 options:
 
A trojan or keylogger was installed on my PC. Nope. I scan my PC religiously and run almost everything sandboxed, so that can't be it. I looked for unknown processes just in case, but there was nothing unusual.
 
Back when I did play WoW a lot, I may have bought some gold. That was years ago though, and I'm not totally convinced they would save that data for years and just try it out randomly. 
 
Yesterday, I installed Chrome and some extensions. There is a very remote chance that a trojan could have been embedded in one of the extensions. I seriously doubt that though.
 
Also yesterday, I installed a new hard drive on my nephew's PC. While we were waiting for his Steam folder to be copied over to the new drive, I checked my gmail. Then we started talking about WoW, and I visited the WoW site. I think that may have been a mistake. He's 14 and downloads a ton of stuff that may not be entirely legal. He's basically an internet noob. I've done what I could to educate him on Internet safety, but he still seems to be very indiscriminate about what sort of files he opens. And I think he has one or more trojans on his comp. I'm going over there tomorrow to check it out.

#26 Edited by melcene (3056 posts) -
@Levio said:

" Blizzard is probably fake-hacking accounts to push the sales of authenticators.  Remember, Bobby is in charge now. "

Actually, I have heard many stories that make me wonder about this.  There are just too many careful people out there who get hacked.
 
I got hacked myself in Sept 09.  I was also a guild leader at the time so that really sucked.   What really ticked me off is that the hacker was still on my account at the time I found out (my husband was logged into his own account and saw my toons running around).  I CALLED Blizz and told them, and asked if they could IP ban the hacker or anything.  They told me they "are not an investigative unit" and couldn't do anything about the hacker, but would change the password on the account for me.
 
Authenticators are pretty much necessary now. 
 
 
@ZimboDK said:
"  Back when I did play WoW a lot, I may have bought some gold.  "  
 This made me laugh.  :)
#27 Posted by hexx462 (506 posts) -
@ZimboDK said:
"  Back when I did play WoW a lot, I may have bought some gold. That was years ago though, and I'm not totally convinced they would save that data for years and just try it out randomly."
I wouldn't put it past gold sellers to pull stunts like that. I do know people that bought gold and were hacked later on. Have to say it serves them right though, supporting gold farmers is such a douche move.
#28 Edited by Alphiehyr (1083 posts) -
@cgoodno said:

" Looks like it based on the two e-mails I got today (yes, they're official and not phishes, and I've confirmed by trying to log into my account, which is now suspended).
 
Anyone else been hacked and how did it happen?  I'm thoroughly confused since:

  1. I use Firefox + NoScript + ABP
  2. I use LastPass for site logins
  3. I've never visited a gold selling site
  4. I always have BitDefender up and running
 Currently scanning using SpyBot S&D to see if there's anything, but it's very unlikely.  I'm sure I'll hear back from Blizzard in the next week on my account, hope I don't have to start all over again *sighs*.  Hell, I might as well just screw it if I do.  Quick Update: SpyBot found nada.  Yay. "
Here's a way to never get hacked:
1. Buy a second Hard Disk. The only things you should have in that Hard Disk is an Operating System, Kaspersky or Norton 2010, fully updated windows and World of Warcraft.
2. Create an email solely for WoW.
3. Only browse WoW's main site and email mentioned on step 2. Bookmark them if you need to.
4. Do not click on any third party links which are usually found on WoW's forums. Take caution when clicking on official links such as the ones found on the announcements. Do not click on any emails that aren't from Blizzard - the official ones should appear on Contact Us link, displayed on their official website. Junk/Phishing Scam/Delete the rest.
5. Always have a password that is long and unfamiliar. Change your password every month or if you're paranoid, once a week.
6. If you need to browse music, websites, videos or use a voice communication program, either have a laptop handy or turn off your comp, plug in your first hard disk (after unplugging your second HDD).
 
It's a shame after all these years people still get hacked. It must be true when they say the newer generations are more stupid.
#29 Edited by ArtelinaRose (1850 posts) -

Just to add my useless advice here, I use barcodes for my passwords. Find something and keep it nearby so you can reference the numbers as you memorize it. Interject random letters as you see fit. I switch mine every time I buy a new game.
