Blue Tracker
World of Warcraft Blue Posts
Diablo II: Resurrected Blue Posts
Diablo III Blue Posts
Hearthstone Blue Posts
Overwatch Blue Posts
Heroes of the Storm Blue Posts
Diablo IV Blue Posts
BlizzCon Blue Posts
Warcraft Rumble Blue Posts

How is everyone being hacked?

Forum Avatar
Draek
#0 - April 26, 2010, 1:22 p.m.
Blizzard Post
This is a serious question to Blizzard, this recent wave of account compromises is out of control!

What method are they using to compromise people's accounts? It's obviously some new technique, or virus; none of us have had issues until last week. Six raiders in my guild have been hacked this week, including me, and most of us use adblock/noscript/antivirus/firewalls. Some of us only use our computers to game and don't even browse webpages on them. Some of us have authenticators, and we've STILL been hacked.

I've been waiting 10 days for my gear/guildbank restoration;. After I was hacked, everyone in my guild ran virus scans and upped their security to avoid the same issue. It's not helping--last night we lost another Holy Paladin to it. We're probably going to have to cancel raids this week while we wait for gear restorations, stalling our progression through heroic ICC.

What are we even supposed to do? People who haven't logged on in months and don't even play the game anymore are being hacked, people who take every security measure possible are being hacked--do you guys know what method the hackers are using? What more can we do to protect ourselves against this nonsense? It's killing my guild, killing my arena teams and killing the game.

Can you tell us the name of this new virus so we can increase our security? Some of us haven't found a single infection on our computer after being compromised. Or are they using automated software to crack accounts the old fashioned way? What is going on? :|
Forum Avatar
Orlyia
#2 - April 26, 2010, 1:29 p.m.
Blizzard Post
Get authenticators. It'll stop 99.99999% of them.

Really, they will.

There are MANY ways this can happen. The two most common are malware and social engineering.

In a situation where there is a cluster, there is also a possibility of a common vector. No one should ever share an account, but in some cases they do and one person with an infection can get the whole lot compromised. You may trust your bestest friend - how much do you trust their system security?

Another rather common cause of a cluster compromise is using the same password/ID on websites - such as a guild website. If that website becomes compromised, that's a crime of opportunity.

It's possible everyone went to the same website for some reason that was infected, that's another possible source of a cluster - or downloaded an infected file that was supposedly an app.

Compromises go through cycles, we've really not seen anything out of the ordinary although if you know several players it's happened to all at the same time it may seem like a huge spike to you.

I do wish you and yours the very best on recovery. At the moment, they are running just a little longer than they have been lately, but we are getting to everyone just as quickly as possible. You probably already have this information, but I'll post the fuller instructions below.

------------------------

If an account has been merged to a Battle.net, or if an email has been changed, or an authenticator added to the account (not the player's own) one of your first stops is going to be Billing. They need to get those sorted out first so the rest of the processes can continue.

Billing and Account Services
Phone Support - 1 (800) 59-BLIZZ (1 (800) 592 5499)
Live Representatives Available 7 days a week, 8am to 8pm Pacific Time
E-mail Support - [email protected]
    Players in Australia should call 1-800-041-378
    Players in Singapore should call 800-2549-9273
    Players in Chile should call 1230-020-5554
    Players in Mexico should call 001-888-578-7628
    Players in Argentina should call 0800-333-0778
    All other international players should call: (949) 955-0283


Now, it's very very important to figure out where the security breach occurred. If they CAN get back in, they WILL be back. That, unfortunately, you can count on.

These two stickies should prove helpful.

Computer Security Recommendations
http://forums.worldofwarcraft.com/thread.html?topicId=1778038509&sid=1

Account Compromise Info Center
http://forums.worldofwarcraft.com/thread.html?topicId=14318909866&sid=1

You may also want to look into getting an authenticator for your account. It's no substitute for good security habits, but it will help keep them out of your WoW account.

Blizzard Store
http://us.blizzard.com/store/browse.xml?f=c:6

Mobile Authenticator
http://us.blizzard.com/support/article.xml?locale=en_US&articleId=26109

I do wish you all the very best on a speedy recovery.