Worst Hacking case ever...Could happen to you

#0 - Feb. 9, 2009, 8:41 p.m.

The past 2 months I have been hacked about 10 times or more.

Everyone should read this because it can happen to you. I have taken just about every step possible to keep from getting hacked again but it still happens. I have never been hacked in my life before this.

I'm trying to figure out exactly how these people are able to hack me on a secure PC, cable modem connected directly to my PC.

Now this isn't just any normal key logger hacking, this is very strange.
Let me explain.

The first time I got hacked, I found viruses on my computer, so I formatted my hard drive totally and reinstalled Vista and installed my virus scanner and firewall back on.

Few days later hacked again and I found no viruses, so I formatted mt hard drive again.

Found out on my own, without the help of blizzard what so ever that the person knew my registered e-mail address and was able to change my registered e-mail / pw without me getting any notice at all.

So before I recovered my account, I made two brand new e-mail's so the hacker wouldn't be able to trace and use my old registered e-mail to get access to my account again.

Recovered the account, and then changed the registered e-mail twice in a row just to be safe.

Now they were able to hack me yet again a few times over and I wasn't getting much help from blizzard besides them recovering my items and stolen gold (much appreciated).

Now I'm pretty sure it's the same hacker hacking me all the time because it's always the same routine when he hacks me.

- Sell all my bank items.
-Sell my gear.
-Run around Org Yelling "N word" and "Ban me"
-Reset key bindings
-Transfer all my characters to another server and/or delete them after gold have been taken.
-Sometimes making clones of my characters as level 1 alliance characters with the exact same classes and names. Then leaving one named "GG##*" or something like that.
Real nasty.

Now obviously this guy is getting away with hacking me without any ban or punishment because he constantly hacks me and takes the gold, at times I'm able to get access to the account within 5 mins of being hacked so it's not like the gold can get far.

Now I decided to check it out myself as to how he could be hacking me, and there seems to be a flaw in the web recovery part of the site.

First off every time I check my web recovery (while not hacked) it says I have had too many attempts at recovering the pw to this account.
So it's obvious the hacker is trying everyday to get access to my account thought the web recovery ( My guess is that he's guessing different e-mails I might use)

Now I could understand him guessing maybe just 1 or 2 of my registered e-mails but not 5+.
Every time he changed my registered e-mail and password, I never got a notice at all.

It seems if you use the Account Name / Password Retrieval ---> Change your E-mail links from wow main site, you don't get a notice in your email about the account changes.

All the hacker needs to know is your account name and registered e-mail to the wow account to gain access. Now how he keeps getting my randomly made e-mail addresses, I don't have a clue.

I have told my dad my new e-mail addresses just for the sake of contacting me so unless this hacker is tapping my phone line, I don't have a clue how he keeps hacking me.

my only 2 guesses is,

A hacked phone line (even still?)
Or a WoW GM or someone working at the company has it out for me.(Highly doubt)

Extra info: the hacker/s usually hack on Friday night, when they know the blizzard call center will be closed for the weekend, so you cant do anything till Monday.

The last thing I need to do now is buy an authenticator which I wanted to do for months now but there always sold out in Canada from the Blizzard online store. Even still he can still hack me even if I have an authenticator because he seems to be able to always guess(?) my registered e-mail.
mind you my e-mails are never hacked, only the wow account.

I been using multiple virus scans and firewalls on top of formatting my hard drive 5 times now.

If anyone has any idea at all as to how I could be getting hacked so badly, please comment.
It seems I can't stop this no matter what.

Malkorix

#11 - Feb. 9, 2009, 9:01 p.m.

Q u o t e:
I been using multiple virus scans and firewalls on top of formatting my hard drive 5 times now.

If anyone has any idea at all as to how I could be getting hacked so badly, please comment.
It seems I can't stop this no matter what.

Okay, first, let's see about securing your system. Acquiring a Blizzard Authenticator could go a very long way toward doing so. When in stock, you can purchase one here:

http://www.blizzard.com/store/search.xml?q=authenticator

That said, before I direct you to our stickies regarding account compromise, I'd like to look into this situation in greater detail, as this does not sound typical to me. May I ask the name and realm of a character on the account in question?

Malkorix

#20 - Feb. 9, 2009, 9:12 p.m.

Q u o t e:
The likelihood of it being an employee is..very faint.

We simply do not have access to an account's password. Period. That's part of the reason why we tell our players not to provide their account password to anyone else at any time. We do not have access to them, nor will we ever ask for one.

Additionally, anything having to do with activities on an account carries close oversight. As such, it is nearly impossible for a member of our staff to contribute to an account compromise - even were they inclined to do so.

The only reason I will not say 'impossible', is because virtually nothing is impossible. I will put it this way though: It is more likely to be an Elvis-impersonating sasquatch that likes to scuba dive in scottish lochs while wearing a dinosaur suit than a Blizzard Employee.

Please pardon the firm tone, but this is a baseless suspicion that I rapidly grow weary of reading.

Malkorix

#31 - Feb. 9, 2009, 9:26 p.m.

Q u o t e:
So it can;'t be anyone I know.

How certain are you of this?

It might be a good time for you to re-examine this situation much more closely. For a repeat compromise of this nature to have occurred, the compromiser would require substantially more information than could typically be gleaned via a keylogger. Of course, you may have been phished, if you've received any suspicious emails, but this does not appear to be one of those situations either.

At this point, your best bet is to contact our Billing Department to discuss what your options are for securing the account completely:

Billing & Account Services

Live Representatives Available Mon-Fri, 8am to 8pm PST

You might also want to refer to this thread, though you do seem intimately aware of the processes at this point:

** Account Compromise Info Center **
http://forums.worldofwarcraft.com/thread.html?topicId=3773308319&sid=1

Malkorix

#36 - Feb. 9, 2009, 9:35 p.m.

Q u o t e:

I don't know anyone in real life that plays warcraft at all.

I wouldn't be in a position to assert that you do or do not. Ultimately, I hope that information proves useful to you, should you wish to take it into consideration anyway.

Also, please refer to the additions I made to the post above. Hopefully a member of our Billing staff will have useful suggestions for you.

This is a very unusual situation though, and dramatically unlike a 'typical' account compromise.

Malkorix

#50 - Feb. 9, 2009, 9:48 p.m.

Q u o t e:
The chances that it's someone I know are slim.

None of my friends play WoW.

So they would have to go buy WoW, BC and Wotlk spend hours installing, some how guess my registered e-mails and passwords and hack me.

It's just no way it would be someone I know.

To be honest, while I want to help you, it profits noone to argue about it. I've already provided you with the best course of action to deal with this situation - please contact our Billing Department to discuss your options.

If you take the information I've provided into account, then you may find it easier to protect your account, that's all =).

Scars, are you also experiencing an account compromise situation? It is typically best to open your own thread, rather than 'piggy-back' on an existing thread, as this keeps things less confusing. If you already have a thread open, please feel free, with my permission, to post a link to it in this thread, and I'll take a look.

Malkorix

#60 - Feb. 9, 2009, 9:59 p.m.

Q u o t e:
In other words the account is just as much mine as it is the hacker.

The account belongs to the registered owner. If you are that registered owner, then the account belongs to you.

When an account is locked, the only individual capable of unlocking the account is the registered owner - pending the proper verifications, of course.

If you've unlocked this account several times in the past, only to experience this re-occurring compromise situation, then you may want to explore new avenues to secure your characters =/.

Malkorix

#68 - Feb. 9, 2009, 10:16 p.m.

Q u o t e:
Okay, well thanks for the help everyone.

The fix for me is to transfer my characters to another account and buy an authenticator.

From the looks of it, if a hacker knows your secret question, an authenticator is useless.

Thanks everyone.

No. Not exactly.

If you are the registered owner of the account, and you already own an Authenticator that is attached to that account, then a compromiser would not be in a position to reach the interface necessary to take advantage of that information.

If you had access to an Authenticator, then it would very likely enable you to secure access to your account after you applied it.

Malkorix

#83 - Feb. 9, 2009, 11:51 p.m.

You guys are coming in a bit late.

I'm going to go ahead and lock this now, as all the relevant information has been provided.