Blizzard security breach and Q's on gold

#0 - Aug. 24, 2010, 7:50 p.m.
Blizzard Post
Greetings,
Some back story-
My account was never shared and my PC has always been VERY secure. I canceled my account last year and manually de-activated my account. I also followed up to ensure the account was completely disabled and subscription was canceled.

Fast forward to last week- a massive security breach has obviously occurred at Blizzard as after a year of inactivity, this account was suddenly re-activated and re-subscribed, all without my permission and without my credentials. In fact, the PC that was used with WOW over a year ago was completely destroyed and the HD security formatted and put in an external drive I keep on my shelf and haven't used for about a year.

All the personal information contained in my account was obviously violated by this security breach at Blizzard. While the game admins have restored much of what the violator destroyed, there appears to be a one-month time subscription on my account (dated 8/21) which I would figure has some way of tracking who the individual was that breached Blizzard's systems to activate and re-subscribe this account without sending any kind of email notice, etc.

Lastly, while I spent the better part of a day re-installing WoW software on this new computer, upon logging in (after a year of not logging in!) I spent 2 hours retrieving all the GM/support emails of items the compromise user destroyed. What I also found were dozens of emails from auction purchases (gold farmer, obviously) that amount to some ~600g worth of sales. My other character, which is a mining/smith, also has 500+ ore I never gathered.

So the questions are:
a) What should I do with the gold and ore before re-canceling my account? What can I do to trace the billing info/subscription and/or online auctions to help nab the people that breached your systems?
-and-
b) How can I ensure this won't happen again? I was hoping to keep this account inactive should another expansion (Cataclysm?) be released, but it appears having personal or billing information on Blizzard's servers is a bad security risk.

This had nothing to do with my side as I have multiple levels of security software, including Sophos, and even use a Cisco 5510 network appliance for firewall security. The account has been safe and cancelled since last year so the credentials were obviously not hijacked yet a breach occurred.

I can very clearly say account credentials never leaked from my side of things, no websites have ever been used aside from these forums regarding this account, as well as no emails for the subscription were ever received despite the valid email still in the account when it was breached.

Lastly, kudos to the GMs and support team for turning over the account so quickly. From the point of notification of 'exploitative' activity to restoration and turning around the account was just a few days. While I am angry that Blizzard security has been breached, I am very satisfied and quite impressed with the level of service yielded to turn around the situation.

Thank you for your time!
#88 - Aug. 25, 2010, 6:34 a.m.
Blizzard Post
I can tell you - as of now, our security has yet to be breached.

Now, how did this happen? Excellent question.

Trafficking in illicit virtual items and services is a multi-BILLION dollar a year business. The people that do this have a vested interest in stealing and using any account they can come by - hook or crook, and they are pretty good at it.

Malware, social engineering, phishes, fake websites are all part of their repertoire.

It's frustrating and a violation. Not knowing is even worse.

We do sometimes have clues on our side, but ultimately it's up to every player's vigilance. I know you are concerned you've been inactive for a considerable period of time, but it's a fallacy that they get your information and necessarily use it right away. They have accounts in reserve for when they need to put them to use.

Now, on the malware front. Presuming for a moment they did actually get your information back in time, it looks like you may have possibly been using multiple systems right before you left, or at least different locations. ANY system that was used to access the game, our website or account management should be suspect. Adobe has had several vulnerabilities over the past few months - any one of which you may have fallen victim to and never even realized it. Other software and indeed the OS have had many patches during that time period as well.

That's why we developed the authenticator. Even the most savvy and vigilant player cannot protect themselves from a zero-day vulnerability. It provides an additional layer of protection.

Email accounts themselves are another method of entry if they can manage to compromise them. Using the same password and ID ANYWHERE else is high risk.

Re-opening an account for them is as simple as it would be for you....once they have your information. They do often use stolen credit cards for this purpose.

It probably goes without saying, but I will for the benefit of anyone else that may read this post at some point, not necessarily that it pertains to your case at all....dealing with these thieves is an EXCELLENT way to paint a bulls-eye on your account. Their very own 'customers' are their favorite targets. They know they have gold - they just delivered it, and visiting such sites is one of the more prevalent causes of malware infestation. Same goes for their 'services' which are even worse because a player hands over the keys to their account. The stolen credit cards I just mentioned above? Yeah, those are often from their 'customers' as well.

Now, it's possible something recent DID happen, this all occurred around 8/21. If you use the same password/ID anywhere else it's possible this was a crime of opportunity. Brute force just isn't a tactic used, but they will challenge any password combo they glean from other sources. That's why it's high-risk to reuse passwords and IDs anywhere else - especially websites.

All the above also applies to account sharing. Not that you have, but some players do and it is impossible to know for a certainty where that information was used...much less how - or how secure the systems used were. Even 'lending' an account to a friend to post on these forums can open the door to that if the posting player is afflicted with malware.

All the above, just the tip of the iceberg. These are the more common things we see, but by no means the only ways this happens.

We do try to help any player that finds themselves in this position as best we can. If we restored something in error, I do appreciate your honesty and we can have another look at that. By the same token, if something got overlooked, please do let us know as soon as possible.