Blue Tracker
World of Warcraft Blue Posts
Diablo II: Resurrected Blue Posts
Diablo III Blue Posts
Hearthstone Blue Posts
Overwatch Blue Posts
Heroes of the Storm Blue Posts
Diablo IV Blue Posts
BlizzCon Blue Posts
Warcraft Rumble Blue Posts

Hacked for a second time in 2 days

Forum Avatar
Exodos
#0 - June 22, 2010, 7:18 a.m.
Blizzard Post
After getting hacked the first time yesterday, I scanned my comp with updated virus scan software and spyware, and nothing came up, thought it was over and got hacked again an hour after the phone services closed. Can you remove the authenticator from my account and unlock me.....guess they came for the rest of my gear....please take the authenticator off?

Also, do i need to put in another email about this second hack?
Forum Avatar
Orlyia
#3 - June 22, 2010, 7:26 a.m.
Blizzard Post
So, where was the security breach, Exodos?

Sounds like you still haven't located it.

If they got in THAT quickly, you most likely have still unidentified malware, or your email itself is compromised.

This wasn't locked - they added another authenticator, which means they STILL have access to your Password and ID.

This authenticator is gone, but they WILL be back unless you find out how they are getting your information.


This sticky may be useful.

Account Hacked? Security Issue? Look Here!
http://forums.worldofwarcraft.com/thread.html?topicId=24702231244


You may also want to look into getting an authenticator for your account. It's no substitute for good security habits, but it will help keep them out of your WoW account.

Blizzard Store
http://us.blizzard.com/store/browse.xml?f=c:6

Mobile Authenticator
http://us.blizzard.com/support/article.xml?locale=en_US&articleId=26109
Forum Avatar
Orlyia
#5 - June 22, 2010, 7:50 a.m.
Blizzard Post
There is no email on these simply because to add one they already have the information that in fact makes your security compromised - your password and ID.

The fact the password was changed and they got another on so quickly is what tends to send up red flags that either your system or email itself still has a breach.
Forum Avatar
Orlyia
#7 - June 22, 2010, 8:02 p.m.
Blizzard Post
But to add another authenticator at the point this happened, it would appear they DID get your new password.

You didn't change it back to the old one did you? I know that sounds like a silly question, but we've seen it happen :)
Forum Avatar
Orlyia
#9 - June 22, 2010, 8:30 p.m.
Blizzard Post
Even if they hadn't put that on, they'd have just walked right in and did exactly what happened anyway.

If you'd like to see this implemented, you are certainly welcome to post in Suggestions, but I believe the thinking to this point is the horse is already gone at that point, and it would make it harder for folks to add their own legitimate authenticators.

That, by the way, IS a way to keep this from happening. They can't add one if yours is already on there :)
Forum Avatar
Orlyia
#11 - June 22, 2010, 8:58 p.m.
Blizzard Post


Q u o t e:
Unless you own an authenticator, and in that case, they can create a backdoor Trojan to send you to a fake server and intercept your authenticator digits first and sign on to your account while locking you out? Hasn't that already happened?


I swear this is getting to Urban Legend proportions. Has this happened, yes. So rarely, it doesn't even make a statistical blip against the number of other compromises. It takes a very specific, very nasty piece of malware AND a real-time attack to pull this off - and then they get in, ONCE. This is the very same technology banks use.

Q u o t e:
And how would it make it harder? I have confirmed emails each time I change my password/email preferences on battle.net. I would think it would make sense to put email confirmation on activating authenticators. And in my situation (which seems to be common lately), I could have stopped the authenticator from being added and I wouldn't have been locked out and may have been able to save my account by changing information.


Possibly, but MOST compromises they are in and out and the player isn't aware for days or hours later. It is very rare to actually catch them in the act.

Q u o t e:
And my email confirmations was just an example, and yes, ill see to putting it in the suggestions box, but something has to be done because the flaws in the authenticators are being shown and the hackers are exploiting it. I don't really feel any safer with the authenticators because yes, I have been hacked, but it is the first time and I have had this account since Vanilla Wow. And the method stated above with the backdoor Trojan, from what I have heard, has happened.


The authenticator is not flawed, they work just fine. A man-in-the-middle attack is going AROUND an authenticator and is very hard to actually pull off. No one has hacked THROUGH an authenticator.

Q u o t e:
And I appreciate all the replies and comments / concerns Orlyia


You are most welcome. I know this is frustrating. This is probably the single most exasperating thing that can happen to any player. We do our best to get things back in shape, but they have GOT to be stopped on your side from getting hold of your new information, or they WILL be back. These guys just love helping themselves to seconds.
Forum Avatar
Orlyia
#13 - June 22, 2010, 9:46 a.m.
Blizzard Post
Q u o t e:


On an off note, what was up with the hackers writing websites on the ground with dead bodies, then making them jump up into the air, clutter together and move along the sky to another point to spell out something else? That was weird lol. It felts like the end of days :P and I thought "man....this is definetly going to get Blizzard's attention" lol


Well, if you were around a few months ago, you'll notice the spam on the ground isn't possible anymore.

The floating billboard trick IS possible....

<.<
>.>

But they don't usually last very long till the gremlins come along and eat them :)


*mwahahah* *cough* *cough*