#42 - March 25, 2010, 2:26 a.m.
Q u o t e:
So this is the 4th time I've been hacked.
A few months ago I got chain hacked over a period of 3 weeks, but then it stopped.
In that time, I purchased a computer with an on screen touch keyboard. My password is IMPOSSIBLE to guess. I use this computer ONLY & I mean ONLY for World of Warcraft. No browsers / email programs / etc are installed (except defaults, which have NEVER been clicked). My email was created specifically for my WoW account, so no one know's it other than I & Blizzard. How, how how how how how, did they get my password, and hack me, AGAIN ?
I understand that you're quite upset, and looking for reasons regarding how this might have occurred.
There are multiple methods by which this could have been accomplished, ranging from the sharing of account information all the way up to a compromised email address. Regardless, this account had been logged in from more than one location prior to the compromise - and any of those systems or networks
could have been compromised. Alternatively, the account information for this account might have fallen out of your hands and been used by others in your geographical region. In one fashion or another, your account security may have been breached long prior to the account itself being compromised.
It is very important to the security of your account, and to prevent this from occurring in the future to recognize that the security of your account is within your control, and to take the necessary steps to secure your system and account moving forward. These links can prove most useful in this regard:
http://us.battle.net/security/ ** Computer Security Recommendations ** http://forums.worldofwarcraft.com/thread.html?topicId=1778038509&sid=1 ** Account Compromise Info Center ** http://forums.worldofwarcraft.com/thread.html?topicId=14318909866&sid=1 Blizzard Authenticator http://us.blizzard.com/support/article.xml?articleId=24660 http://us.blizzard.com/store/search.xml?q=authenticator Mobile Authenticator http://us.blizzard.com/support/article.xml?articleId=26109 Q u o t e:
Even the last few times I got hacked, I still NEVER visited any blackmarket WoW sites, or downloaded any stupid programs, or opened any "WoW Account Closure" emails or anything like that. I'm not dumb, I know how to use the internet. Yet I still somehow some way got hacked?
Players who are 'not dumb' and 'know how to use the internet' have been compromised. Those who compromise accounts can be quite clever and they are very persistent.
Q u o t e:
The first time I got hacked, I logged back in a couple days later and others were like "OMGGG I GOT HACKED" And everyone was all like "ME TOO??", and trade channel was full of it. Coincidence that we ALL got keylogged & visited the same sites / opened the same emails ? Or was it maybe a security breach, the most logical reason ?
Trade channel is hardly representative of the activity of all players on a realm. More importantly, nowhere remotely 'half' of your realm has been compromised, and that kind of hyperbole is unjustified and unnecessary.
Account compromise is a serious issue - but it is one that can be defeated with appropriate security practices, knowledge and caution.
Q u o t e:
I spoke to a chap on the phone today. And I've mentioned my story to him, and I asked "Has Blizzard had any security or authentication breaches" and he stalled and said he could not answer that question.
Our Billing & Support Representatives simply aren't in a position to discuss that issue. The answer the representative gave you was not indicative of any kind of conspiracy or breach. More importantly, I can tell you that as of this posting, no, we have not had any security or authentication breaches.
Q u o t e:
So it's fair obvious that YOU keep or have HAD multiple security breaches.
We pay alot of money to play this game monthly, maybe you can spend some of your fortune on your security instead of a giant floating dragon with three heads that's swings an axe at you ?
Our security is actually very, very tight. We have a lot to protect - including our own confidential information. I've commented about this, and where the responsibility for the security of an account lies in the past:
http://forums.worldofwarcraft.com/thread.html?topicId=22048400200&postId=220463263841&sid=1#54 Q u o t e:
An authenticator is indeed an effective additional layer of security, and we've made the Mobile Authenticator free of charge for those who have eligible devices, while endeavoring to ensure that the Blizzard Authenticator is accessible to as many players as possible.
Ultimately, we must expect our players to take the necessary steps to protect themselves. It would be both inappropriate and intrusive for Blizzard Entertainment to intervene directly, not to mention potentially expose us to liability for any kind of intrusion on a player's system, not merely those related to World of Warcraft.
We're in the business of making video games. We try to craft the best experiences that we possibly can, and we hope that players the world over continue to enjoy them. That said, and while there are limited systems in place, we are not in the business of developing malware scanning or protection.
We realize that this is an extremely important topic though, and in addition to making Authenticators available, we also endeavor to help educate our players regarding the steps they can take to help protect themselves:
I genuinely wish you luck on the swift recovery of your account in the wake of this most recent compromise, and I hope you take the necessary steps to appropriately secure your system and account so that this never happens again.
