#9 - April 28, 2010, 7:42 a.m.
Q u o t e:
Rather confused. Apparently someone logged on all 4 of my 80's on Kil'Jaeden, and my friend saw them. Whispered all of them and no response. So he decided to text me, and I got up out of bed immediately and changed the PW. Logged on to find nothing gone, just all my toons by the bank.
Sooo... Pretty much, any suggestions on how to fix this? First time i've ever been hacked. I seldom use anything besides WoW, AJ, EJ, and MMOchamp and facebook.
Is there anyway I can help protect my account security to a higher extent? I use rather intricate PW's. cant think of much else
Yup, there most certainly was and intrusion briefly a bit earlier today.
Good to hear that nothing seems to have been molested. Sometimes they log in briefly to take stock of an account, but they WILL be back if they can still get in. Even accounts with no particular worth in terms of gold are put to use to spam and do other nefarious activities.
Making sure your system is secure is imperative - as is making sure your other programs like Flash are also up to date. ANY site can be vulnerable to an infected ad banner if your system is vulnerable to the methods they use to deliver the infection. Flash has had several updates over the last few months to try to combat that exact thing.
Also, email accounts can also become compromised.
Social Engineering is another major cause of this. In game tells, mails - and phishes through your regular email. Remember, if we ever send you a message in game or email ingame it WILL have our little blue Blizzard logo on it. Email phishes are getting sneekier - they can at times look very legit - but they won't really be from us - and will often send you to domains that aren't ours. Beware, internal FROM addresses and links in an email can be spoofed/misdirected. It pays to check the internal routing headers on any email saying it's from Blizzard, as well as being extremely careful that an otherwise legitimate looking link actually goes where it says it does - and that it's us.
We of course will NEVER ask for your password. It simply does us no good at all, we can't see it - it's not even valuable to us for any kind of verification purposes - we have nothing to verify against.
Using the same pass/ID anywhere else is also a high-risk. Say you use the same password and ID on your guild website - or any website to sign in....and that site becomes compromised. That becomes a crime of opportunity to just go down the password list to see which ones might work and have WoW accounts.
Naturally, sharing account information with anyone else is against our rules - but one of the reasons WHY it's against the rules is because once anyone else knows that information you've lost control and knowledge of where that information might be used - and what else might be lurking on the system it's used on. Not saying you've done this at all - but that is another way this can happen.
Similarly, using any system that anyone else has access to can produce much the same results. Any system you don't have complete control over - especially public ones, are higher risk.
I doubt it needs to be said, but dealing with illicit dealers of virtual goods is just BAD NEWS. A huge portion of their 'product' is actually stolen goods - often stolen from their very own customers or innocent players they've manage to trick or scam out of their account information and strip.
And none of the above may apply because there are literally hundreds of ways these guys trick, scam and steal - but those are the broad strokes and the most common causes.
Does that help at all?
Oh - and get an authenticator :)
