Blue Tracker
World of Warcraft Blue Posts
Diablo II: Resurrected Blue Posts
Diablo III Blue Posts
Hearthstone Blue Posts
Overwatch Blue Posts
Heroes of the Storm Blue Posts
Diablo IV Blue Posts
BlizzCon Blue Posts
Warcraft Rumble Blue Posts

Hack? or Blizzard loop hole?

Forum Avatar
Stokez
#0 - Feb. 1, 2008, 11:01 a.m.
Blizzard Post
Well today was my first time ever being so called "hacked",and Ive been playing since the game was released to the public.
The scenario : Today I was with a 5 man group of guildies going to SV,to get the kara key frag when all the sudden I was Disconnected instantly (no lag, Thought it was normal because its been doing that a lot recently). Anyhow, As I use my macros to log back in (account name and password is keybound to a G-key), The game lets me know my password has been changed. Luckly I was on vent with my party and they told me my character had logged back on and left group. So I quickly went to the WoW website and used the automated password recovery and had my password switched. After that I got pretty paranoid and ran all my scanners and what not ,and came up clean. I find it odd since I only use this computer for gaming(I have a laptop for surfing/Downloading). The only things I download are addons, which I havnt downloaded for a while. I use every saftey precaution there is. And I change my password about every couple weeks and Bind it to my G key so EVEN if it WAS a keylogger theres no way to scan the macro. Nobody knows my password, for the very fear of getting banned for multiple IPs.
So my question is, since there is no chance that this is a keylogging incident , Could this be on blizzards side? Did someone find way of retrieving other players account info without going through the trouble of keylogging? Any info would be appreciated.
Forum Avatar
Aredek
#25 - Feb. 1, 2008, 12:18 p.m.
Blizzard Post
Good evening, Stokez.

I apologize that you have had the unfortunate experience of an account compromise. As a player, I fully understand your frustration and hope your issue is resolved speedily.

I feel as if the brunt of your post is aimed to indicate that the unauthorized access your account experienced can, in no way, be attributed to your computer security. While I wish I could back your statement, I, regrettably, cannot.

You mention that you use a macro program to enter your Account Name and Password. While this may thwart a keylogger, this can cause numerous security risks. I am unsure if you are aware, but macro programs rely on saved information to turn your keystroke into an automated function. In other words, having a macro which enters your password into the appropriate field indicates that your password is saved in at least one location on your computer and could be available to someone who has access to your computer locally or remotely. It is my personal opinion that you should refrain from creating such macros for this very reason.

Unfortunately, we are unable to verify how your account's security was compromised as we are unable to remotely monitor your computer. I wish I could provide extensive information regarding this issue, but this is an impossibility. I am sad to say that there are several malicious parties who strive to acquire account information using an enumerable amount of methods.

I implore you to review and apply the knowledge found in our Key-Loggers and Computer Security thread. This thread details several methods of securing your account and does not concentrate solely on keyloggers. This post can be found at the following location:

http://forums.worldofwarcraft.com/thread.html?topicId=1778038509&sid=1

Furthermore, if you have any questions in regards to how to retrieve and report an account as compromised, you will find our Account Compromise Info Center page to be extremely helpful. You can find this page, here:

http://forums.worldofwarcraft.com/thread.html?topicId=3773308319&sid=1

With all this being said, I truly wish you nothing but the best, my friend. As I mentioned, this is truly an unfortunate event that I would wish upon no one.

Good luck, Stokez.
Forum Avatar
Malkorix
#76 - Feb. 1, 2008, 7:05 p.m.
Blizzard Post
Q u o t e:
Inside job/support process. Feasible. While a stretch I don't think you can dismiss this possibility. I am not making accusations, since I have zero visibility to the internals of Blizzard. I just want to make sure this is considered. If I can call a support center, change my email, and have a new password sent to me as easily as I did yesterday, then I don't see why it can't happen. In my opion this is the most plausible case.


Um, not feasible actually =). Impossible, really.

There's a reason why we explain, repeatedly, that a Blizzard employee will never, ever ask for your password.

I cannot see anyone's password, period.

Game Masters may not view or retrieve your password in any fashion.

I am unaware of any other department in our entire company that has any ability, whatsoever, to ever view a player's password.

Specific processes must be engaged in to change an account's registered email address, and a replacement password may only ever be sent to an account's registered email address due to the nature of the system in place.

In short, not only are there separate safeguards in place (which I will not discuss) to ensure that our employees maintain their integrity (which we already take extremely seriously on an individual basis anyway) - the systems in place prevent this from occurring from the first.

I apologize, but I can say with absolute confidence that this is a ludicrous suggestion.