Security Issues

#0 - July 12, 2010, 9:03 a.m.
Blizzard Post
Having found out tonight that the account I had not played since early May had been hacked, there are a number of obvious observations.

First, none of the usual weak points seem to apply. The account was not hacked via my email as the passwords are different and the Battle Net one was unchanged. Both of the computers used to play WOW are mine and are running up to date anti-viral and anti-malware. Deep scans did not find any problems, a check of the process lists found nothing new or unexpected. No .exe mods have ever been installed etc. I have never bought/sold gold, used power leveling services, etc. The account is not shared, the password has never been written down, is not a name, date, etc. It was 3 letters, 3 numbers, and then 2 letters. They were random, not in any sort of pattern. In short, except for possibly adding an authenticator, there isn't anything I could reasonably have done to further secure the account.

Several things stood out.

1) Why didn't I have an email warning sent that an authenticator was added? This would have told me right then of the problem.

2) Eight different characters that had been created within a week or so of launch and were level 70 or higher were deleted. Again, this did not generate a warning message.

3) An additional 15 or so characters, including a level 80 DK were also deleted. No message to warn me was sent.

4) The two toons that were not deleted were stripped of all equipment. This should also generate a warning email.

5) Thousands of gold were moved off the affected characters. Such large scale movement should have raised a flag.

6) About 26 characters, all left at level 1 were created on to a server.

--------------------------------

This raises a number of suggestions.

1) Send a warning when an authenticator is added.

2) Send a warning email when a character is added or deleted.

3) Allow the player to set a threshold of gold per hour that can be traded via the AH, trades, etc before an email is sent to inform the player of the action.

Any of those would have made the hacking obvious. The lack of an authenticator warning is especially bad given how it is abused by hackers to lock people out of their accounts. There is really no excuse for it.
#1 - July 12, 2010, 9:07 a.m.
Blizzard Post
While you are more than welcome to repost this in Suggestions, to add an authenticator - they already have your password and ID.

Is the one currently on the account yours? There has been more than one added.
#4 - July 12, 2010, 9:16 a.m.
Blizzard Post
Q u o t e:
This is the account in question. I have never added any authenticator, so any on the account were placed by the hacker. I did change the password. My GF reported it via in-game ticket as it was after hours when this was discovered. That GM sent a password reset and I changed it after that. The authenticator is still on the account.


See if your latest password will work, Jotok. If you see an authentication box on your login screen - ignore it and enter through it.

I would recommend adding one of your own if at all possible. It is still imperative to find out how they came by your password and ID to keep this from recurring.

This sticky may be useful.
Account Hacked? Security Issue? Look Here!
http://forums.worldofwarcraft.com/thread.html?topicId=24702231244

You may also want to look into getting an authenticator for your account. It's no substitute for good security habits, but it will help keep them out of your WoW account.

Blizzard Store
http://us.blizzard.com/store/browse.xml?f=c:6

Mobile Authenticator
http://us.blizzard.com/support/article.xml?locale=en_US&articleId=26109