Blizzard lets accounts get stolen.

#0 - May 31, 2008, 9:58 a.m.

From what i can tell, this is the truth. Did my account get stolen? No it did not. but my guild master's account did. Tonight while most the guild was off line sleeping. including my guild master. a very complex and well thought out process of account theft began.

I first saw my guild master come on about half an hour after she had logged off for the night. At first we said hi and for her to get on vent. but then a guildy of mine said that something was off. and it defiantly was.

after about 10 minutes of my gm's account logging in and out of characters. i had the thought to check the guild bank. sure enough i found it being drained empty and the character of my guild master running back and forth between the guild bank and the Mail box

after emptying the guild bank the person then begain to once again swap characters about every minute.
I was harassing the person the entire time.

Then got on her main character and sat in shadow labs. this entire time i had a ticket open and was waiting for a gm to respond.

Of course it took a while and the result was reassurance that once my gm filed a ticket that it would be resolved.

I took that as it was "bullcrap" and came here to express my anger at what has happend and my disappointment that it was allowed to happen.

FIrst off my guild master is a middle aged woman. She would not ever do anything wrong that would compromise the security of her account. and yes i can garentee that without a doubt .

secondly i cannot believe that this was allowed to happen. Let me lay it out to make a little more sense.

A person "badguy" hears about an expliot of the game from non other than the game itself (flash player problem) then proceeds to learn or already knows how to work that exploit. then he goes to world of warcraft armory and searches for a list of guilds on his server that may be an option. he looks into the number of folks and Picks a few guilds. He then gets access to one of the many gm's accounts. Then (THIS IS MY FAVORITE PART) he asses the guild banks contents before even logging onto the ingame account!!!!!!! he just goes to the armory and logs on! hell it could have been a person who joined the guild that day with a level 10 account.. He then targets that account.. why? because that is the one with full access to a guild vault.

Then he strikes when the character loggs off. and at an average time where numbers of people online will be minimal...

How could all this have been prevented? I honestly dont know because im not a game designer. but i refuse to belive that things like this are an inevitability.

Off the top of my head tonight i came up with a solution to keep a guild bank from being completely destroyed by an incident such as this.

AN INGAME PASSWORD TO GET FULL ACCESS TO THE GUILD BANK!!!

pretty much the same guild bank as before. but the person with full rights to every tab will have a password that they make up upon either purchase of the guild bank or the account management option.

also.. if the person that did this gets off Scott free i will have lost all faith in blizzard as a company. because to allow something like this to go unpunished would be the ultimate sign up incompetence.

Now i apologize for my rough tone. but anyone who has every been stolen from will understand that it does not feel good when you can almost garentee the person who stole from your people will get away scott free

Syndri

#63 - May 31, 2008, 5:20 p.m.

It is the responsibility of the account holder to maintain a system which supports secure game play. This includes being aware of what's currently affecting one's home computer, as well as any computer which witnesses a World of Warcraft login. Restricting public information—for example: email addresses listed within a guild portal—is also a good habit to keep, though again remains at the discretion of the account holder.

Blizzard Entertainment cannot prevent the system on which one plays from being compromised or related information from being provided to unscrupulous sources. We are not omnipresent; this is not a power within our Spellbook. We have secured our internal databases. It is the player's charge to secure theirs. Short of shipping a Personal Assistant with each boxed copy purchase—one intended to both hand your hand and slap it when necessary—there is nothing more we can do to prevent client-side breaches.

With this, however, we realize that these catastrophic events will happen. That humans are not infallible. In response, we make every effort to restore affected accounts. This is a completely voluntary service we provide and the only thing we ask of players in return is to educate themselves, to learn from their mistakes and the mistakes of others and continue to monitor their "home" security. We even supply our population with information on how best to do so.

So, please—do not attempt to shirk accountability. We are not blaming players; we are, however, placing a certain level of responsibility upon them. Accept this responsibility, because it's the quickest way to prevent future compromise. And, if you have suggestions how we can better our services, voice them in our Suggestions Forum.

In the meantime, refer your Guild Master to these threads:

*Important* Key-Loggers and Computer Security
http://forums.worldofwarcraft.com/thread.html?topicId=1778038509&sid=1
** Account Compromise Info Center **
http://forums.worldofwarcraft.com/thread.html?topicId=3773308319&sid=1
Choose Your Own Adventure! How to Report an Account Compromise
http://forums.worldofwarcraft.com/thread.html?topicId=4913871448&pageNo=2&sid=1#32

Please let me know if there's anything else I can provide or assistance I can lend. We'll be happy to help your Guild Master; I wish her the best of luck. :)

Syndri

#73 - May 31, 2008, 7:32 p.m.

Q u o t e:
so is paying you.

Not under contention. As you've noted, it's completely optional that you lend us your patronage. Nice Red Herring, though.

Q u o t e:
but claiming account recovery is "a voluntary service" is bad bussiness at best.

No, it's the truth. We realize how devastating such permanent loss would be, so we've created specific subgroups, policies, and workflows to ease the transition and help our players faster. To state that this provision of aide—to the degree we're willing to provide it—is an edict of Support structures within the MMO world would be a fallacy.

This point was mentioned to counter any potential conflict surrounding our commitment to allaying the effects of account compromises.

Q u o t e:
You may be a game master but you and your team need some training I suggest...sigma-six to help work out your inefficiencies.

At present, most accounts are put "back on their feet" within 48 hours, receiving preliminary restorations through simple escalation. The turn around for more egregious losses is around 1 week. I believe same frame holds true for transfer reversals, if not shorter.

Is this ideal? No. We're consistently trying to improve. There is an equilibrium, though, between quality and expediency.

That said, if you want to apply: http://www.blizzard.com/jobopp

Syndri

#76 - May 31, 2008, 7:47 p.m.

Q u o t e:
OP made me LOL hard.

There's no reason to laugh, really. I understand it's likely not a personal gesture, but poking at someone's ignorance isn't going to encourage learning.

It'll just make'm angry and bitey—two states of mind which inevitably make people more stubborn and obstinate, and less likely to comply to suggestions.

I'm not trying to single you out, Zuunabelle, so please don't feel targeted. It's just a practice we all could do better to avoid. :)

Orlyia

#148 - June 2, 2008, 12:11 p.m.

Aye, I do believe everything that needs to be said on this has been.

Thank you one and all - we'll retire this one now.