Lock plz - Blue Tracker

#0 - Oct. 27, 2009, 12:45 a.m.

So, my buddy just got hacked. Oh I know you hear it all the time, but let me explain

He just got a new laptop in the mail today. Windows vista premium home edition. First thing we did was install wow and all the current patches (he was unable to log in for almost a month now, as his PC was broken.)

We used the discs to install the basic game files, then after installing our network card (no internet required mind you) we open up wow and began to patch. In this time we also created a windows live email address, and did not log onto any other email address' he previously used, specifically because he had no intention of using them again.

My friend had not been able to log in for a bit Approximately 1 month, so he went to Https://www.worldofwarcraft.com, logged into his account management, and clicked, directly on the account management page, the link to the battle.net page. He upgraded his account to his brand new windows live email address, which we were assisted in creating by a windows employee via telephone directly. All was well. So, he logged into his new email address, and verified his battle.net account. We then proceeded to go AFK for approximately 2 hours, while 3.2.2a or whichever it is (the larger of the 2 most recent patches) to play tennis.

Upon returning home, on the attempts to access his world of warcraft account, everything was great! Though he has yet to receive his in-game penguin, everything in his account was in order, he even had a free respec. So we headed out to dinner, left his character AFK, and left the house to head to dinner with our neighbors.

We came home about another 2 hours later, attempted to log into his account, and low and behold, everything is missing, accept for his deadly pvp gear. We took a trek to his email, to send and email to wowaccountadmin.com, and their were 2 spam emails (clearly attempts to access his account information) neither was De-highlighted as to say it was opened.

So admins, I challenge you

How do you explain this one?
Brand new PC
No websites with the new email contact information
Lastly, he is in my guild. his account had remained offline for 22 days, something I was able to verify on a daily basis via the guild info tab.

How exactly could this issue have arisen.

I myself have brought this laptop to my house now, and have personally gone over all 21 links that we have visited since he received the computer, all solid websites. I can provide you with links to all 21 sites if you would like.

My friend has not bothered to open up a ticket, he has already removed his accounts payment information as he just doesn't want to deal with the "stuff", for lack of a better forum approved word.

I now have lost the one RL person in wow that I continued to play this game with, and will probably be canceling mine as well to pursue a newer game, where the hacking issue's aren't nearly as severe. I know this does not mean much to an admin, or those of blizzard, as you have plenty of customers, but I would hope this would open your eyes to the issue at hand for your future players.

Lastly,

I am currently on my home PC, running Windows' vista, on Mozilla Firefox, why is it on these forums, upon right click and requesting the "Page info", do the technical details provide me with this information:

Q u o t e:
Technical Details:

Connection not encrypted.

The website forums.worldofwarcraft.com does not support encryption for the page you are viewing.

Information sent over the internet without encryption can be seen by other people while it is in transit.

I would also like to note, that my RL buddy does not own a wireless router, or any form of wireless connection in his home. The man even uses a hard-wired telephone for heck's sakes. He has 1 modem and 1 wire running from his bed-side table to his laptop.

I would appreciate the typical forum go-ers to refrain from flaming the admins on my thread. Issue's like these, I'm sure, are not issue's they could possibly be aware of, but the fact that this many people are having issue's with battle.net, should open your eyes a-bit. The simple fact is if something IS going on, you not advising us, even if you aren't sure and you are just dismissing the accusations, IS illegal, and I will be seeking legal council on the matter both with him and on his behalf.

I transferred to battle.net a long time ago, and had no issue's back then. Have not been hacked since the swap, but that was not prior to it being a mandatory thing. That is a switch I had made based on 4 years of trust in blizzard and their personal integrity, a trust and thought of integrity that has now been destroyed by these recent occurrences.

Malkorix

#65 - Oct. 27, 2009, 1:57 a.m.

Q u o t e:
How exactly could this issue have arisen.

Very simply, he could have been 'compromised' quite a long time ago, and those who acquired his personal information only took the opportunity to take advantage of that information after all this occurred =/. There really isn't anything particularly mysterious about it, though it is very good news that your friend has a new system, as it should hopefully be easier to ensure that from here on out that it remains secure.

If your friend decides that he'd prefer to give account recovery a shot, you may wish to direct him to the following threads:

** Computer Security Recommendations **
http://forums.worldofwarcraft.com/thread.html?topicId=1778038509&sid=1

** Account Compromise Info Center **
http://forums.worldofwarcraft.com/thread.html?topicId=14318909866&sid=1

Blizzard Authenticator
http://us.blizzard.com/support/article.xml?articleId=24660
http://www.blizzard.com/store/search.xml?q=authenticator

Mobile Authenticator
http://us.blizzard.com/support/article.xml?articleId=26109

Q u o t e:
I now have lost the one RL person in wow that I continued to play this game with, and will probably be canceling mine as well to pursue a newer game, where the hacking issue's aren't nearly as severe. I know this does not mean much to an admin, or those of blizzard, as you have plenty of customers, but I would hope this would open your eyes to the issue at hand for your future players.

Every player is important to us so I hope that you both reconsider. Especially since it seems that to depart now is to leave over confusion regarding the true facts of the situation.

It is crucial to understand that account security means not only having a clean system, but good security practices all around. The best malware scans in the world won't make a difference if one provides account information to a phishing site - or if account information is shared with another player who isn't quite so scrupulous about account security.

Account compromise is an issue everywhere, and it is far from World of Warcraft specific.

Malkorix

#68 - Oct. 27, 2009, 2:03 a.m.

Q u o t e:
That sure as hell is not a blizzard email, how did these phisers obtain his brand new email address when the only website it was provided to, was Battle.net

That's a good question, though there are certainly a number of ways that it is possible for this to have occurred.

May I ask for the name and realm of a character on your friend's account? It is doubtful that I'll be able to provide more information here, but I'm willing to take a look.

Q u o t e:
Let's crush this heretic, team, in the only way that makes sense, let's prove him wrong by fixing pals problem!

This isn't remotely simple and without specific insight a diagnosis is all but impossible. In a situation where an individual practices rigorous account security, then the actual compromise itself generally occurs due to account sharing or phishing (though other client side issues are possible).

Malkorix

#78 - Oct. 27, 2009, 2:20 a.m.

Q u o t e:
My only issue with that, is even if they did have his info quite a long time ago, how would any of that information have assisted them? If they new his account name, well, that would not do them any good, as he now requires an email address to log into to the game.
If they had his old password, well, that still would not be the issue, as he chose a new one when he completed the account merger.

If that was the only information that was gleaned, then you'd be correct. All too often, that isn't all that is acquired =/.

I won't go into detail for what I hope are obvious reasons - but personal information is sensitive and should be protected as well.

Malkorix

#81 - Oct. 27, 2009, 2:22 a.m.

Q u o t e:
He says that he will log onto his account, and post via low level alt to you on this same post here, advising you he is the account owner in question. He has asked me not to post his characters name, to avoid the persecution that I have already received from other people on this forum, and does not want his main known by all these people. Is that acceptable?

I don't think disagreement and persecution are the same thing, but a 'main's name is surely unnecessary. Any character on any realm on the account will do - even one created specifically for the purpose.

Q u o t e:
He can post with any character on his account. It doesn't have to be his main. Another option is you could give Mal his name and realm then edit it out quickly to maintain privacy as well. The GM's have the ability to see edits, where as the regular players do not.

This is also correct.

Malkorix

#96 - Oct. 27, 2009, 3 a.m.

I'd prefer to limit speculation guys. These causes are rarely clear.

Also, I'll thank everyone to limit their inter-personal friction. I'd prefer not to have to delete any further posts in this thread.

Vrakthris

#103 - Oct. 27, 2009, 3:22 a.m.

Unfortunately it seems we may have a little back and forth continuing in this thread so it would be best to lock it. Malkorix should return tomorrow morning.