#15 - Oct. 15, 2010, 5:44 p.m.
Q u o t e:
I recently started playing again about 2 months ago, and logged in today to find all my gear and gold gone. No one knows my account password. Scanned my machine with multiple programs, all came up clean.
I am sorry to hear of the compromise, Zomglasers.
While the scans may have come up clean, that does not necessarily mean the computer is entirely safe. Several players have reported that that scanning their computers using the method below produced results that were missed before.
At the log in screen, enter in a fake email address and a gibberish password. Try logging in the game. Yes, you will receive a message indicating the information is invalid. All you need is to "trigger" the malicious program. Then begin running full system scans. Some keyloggers may not be detected until the game is running and information is entered.
Q u o t e:
What is to stop any one who knows my email from forcing their way into my account? Wasn't Blizzards big thing years ago supposed to be that you weren't telling any one your account info? Now they require you to make half of it public?
A hacker would need to know more than just your email address. They would also need to know the password to the account. If they did not know that, then they would need to know the answer to the secret question as well as your first and last name in order to have a new password emailed to you. From there they would need to also know the password to access your email in order to get this new password for the game.
If the email address on the Battle.net account is one you publicly use, you may wish to update the email address to a brand new email that will only be used for Battle.net.
Q u o t e:
And when I do go through the trouble of getting my account back, all my missing stuff, and changing my password, what is to stop whoever took it from forcing the password again whenever they feel?
An authenticator will help to prevent further compromise of the account. We do sell it on the Online Store for $6.50, however if you have an iPhone, iPod Touch, iPad, or a Droid, you can download the Battle.net Mobile Authenticator for free. If you do not have either of these devices, you may wish to check to see if your phone is compatible to run the application:
Mobile Authenticator Compatibility http://mobile.blizzard.com/us-en/support-compat.html/ Q u o t e:
I am lambasting the fact that they made things less secure to sell you things to make it secure again.
Authenticators were available to players long before Battle.net launched.
Q u o t e:
So am I wrong in thinking that when you add some one to your friends list in game via live address, that you are not required to invite them via your bnet log in address?
You are not required to participate in the Real ID feature. And if you choose to do so, you may wish to only accept friends you know in real life.
Q u o t e:
Take a look at your WTF folder. Even though you log on through an email address, it saves the info under the old account name. So once they log into your account, they have your account name as well, no matter what email you change it to. And you still cannot change it.
There is not anything a hacker could do with just a simple World of Warcraft account name. The ability to log into the game using this information no longer exists.
