#5 - June 29, 2010, 3:04 a.m.
Q u o t e:
My account was hacked today.
My computer is (and was) clean.
I've can access my account, and have changed my password.
The guild and the characters were stripped of everything (gold, gear, etc).
Two characters where moved via Paid Character Move, and the faction changed.
I've submitted a ticket, and am waiting a response from Blizzard.
I'm sorry to hear that your account might have been compromised. If you haven't already, you may find it worthwhile to read through the articles posted here:
Account Hacked? Security Issue? Look Here! http://forums.worldofwarcraft.com/thread.html?topicId=24702231244&sid=1 It would seem as though you have other concerns though, possibly borne of frustration. I'll do what I can to help ease your concerns.
Q u o t e:
Meanwhile, I'm confused.... (and need some answers)
I'm very security conscious and run all the most up-to-date software and security. In my 20 plus years online I have NEVER had an account compromised nor had any Mal-ware, ad-ware, spy-where, virus, Trojan, or the like get past my safeguards and compromise my system. (even now, my system is secure) - but my blizzard account was hacked. HOW? Were they no red flags to catch anything and verify?
I'm not sure what you mean by 'red flags', but based on the posts I've seen within this forum over the months, it seems that there's been a dramatic increase in phishing attempts. Some of which are quite clever, and will naturally leave no trace on a system. In fact, it doesn't matter how good your firewall and malware protection is if you give your account information away, which may be why we've seen an increase in these social engineering attempts.
Of course, some malware is particularly stealthy. It's a good idea, when running spyware scans, to make sure that your World of Warcraft client is open, and has gibberish typed into the account name and password fields, since some spyware 'hides' until those conditions are fulfilled.
Q u o t e:
Next, how could someone hack the account and do a Paid Character Move on two characters without knowing my secret question (that is part of the process right)? What about my Credit Card Verification number (for a new purchase) isn't that also required for a new purchase?
Actually, no - it is assumed that the registered owner of an account would be the one to initiate transfers, and there are no verification steps attached to the procedure. As to payment? That is often furnished with stolen credit card information.
Q u o t e:
Next, none of my other 100's of accounts have been hacked.. not my bank, eBay, PayPal, or any other account.. which brings me to the question of "if others can protect my account, why can't Blizzard"? Is this something from the blizzard end of things and not me? All the details point to this being the case. After all, all these account hacks can't all be placed firmly on the user. Where does Blizzard come in? Why are no other accounts getting hacked, just blizzard accounts?
Actually, we are constantly looking toward better methods to help our players secure their accounts. Ultimately, however, account security rests solely and squarely in the hands of our players. It would be inappropriate and invasive for us to assume responsibility for our player's system security, though we do attempt to increase awareness via the various articles and announcements we've made regarding security - including a long running Message of the Day in World of Warcraft itself.
Q u o t e:
Don't tell me my real money accounts is less appareling to hackers than my Blizzard fake money accounts.
Why not? A game account is both worth more, and carries fewer risks for the thieves. There are no international laws regarding the compromise of a game account, after all.
Q u o t e:
Finally, Blizzard is a business, they have my credit card number, why can't I call them? Why do I get "our queue is too full, call back later". My credit card has been used by someone not authorized to use it, and blizzard offers no way for me to contact them in a timely many about the situation. I remember the days when AOL was forced by the Federal government to stop advertising until they could provide adequate support to their existing customers, is this what will become of Blizzard? "No more new customers until they can support their existing customers adequately"?
You can call as well as email, in fact. If you have access to your World of Warcraft account, there is in fact no need at all to contact our Account Services department, and the petition you've submitted to report the issue is sufficient. Unfortunately, there are a huge number of incoming calls for a variety of reasons, and as a result it can be a challenge to get into the telephone queue. Recourse exists, though I am sorry to see if you've been frustrated at all.
Q u o t e:
If accounts are being hacked by/for gold sellers, why not eliminate the middle-man and just sell the gold yourself blizzard? it can't hurt the in-game economy much more than what is happening now, can it?
Respectfully, we happen to disagree. If that should ever change in the future, I'm sure it will be widely announced, but staying true to gameplay is important to us. Currently, we feel that offering a tangible in-game advantage for currency (rather than say, vanity items), is not an acceptable course. Indeed, Blizzard Entertainment has taken amongst the strongest stances against the very kind of exploitation you are concerned about.
Q u o t e:
Can't you follow-the-money? I mean, if I stole an account, transferred the account to another realm, changed the faction, mailed everything to another character, mailed it again, and perhaps even again through multiple stolen accounts, and finally to an account who's owner purchased gold from me, can't you follow this trail and take the gold back from the user who purchased it, take all their gear, and ban their account? Kinda eliminates the black market if you can't benefit from it, doesn't it?
To be fair, your example scenario is laughably simple compared to the complex webs these agencies weave in an attempt to cover their tracks. Not to mention, much of this illicit activity occurs on compromised accounts as well. I'm not in a position to reveal details, but I think one might be surprised at how often these activities are intercepted nonetheless.
Q u o t e:
Why can't you follow-the-money and make sure people know you can?
Eliminate the market for hacked accounts.
The market for compromised accounts will evaporate when players stop purchasing virtual currency for real world money. We've posted a fairly well heeled article on the subject, in fact:
http://www.worldofwarcraft.com/info/basics/antigold.html If you'd like to see a different set of tactics on this front, then please feel free to contribute your suggestions constructively on our Suggestions forum.
In the meantime, while restoration isn't guaranteed, I hope our staff are able to furnish you with as complete a restoration as possible. Good luck!
