A Satisfying End to an Annoying Night

[sabotai]

A little over a month ago, I canceled my WoW accounts. I had given dual-boxing another try, and although I do like it, I decided that I didn't play enough to justify $30 a month. So, I canceled my accounts and dove back into other games and hobbies. I decided that if I do start up WoW again, it will be with just one account and that I will want to start over completely with the new expansion.

A little more background for tonight's story. I have a toon on WoW called "Sabotai". He is a level 80 Druid on the server Lothar. I have not played this toon in well over a year.

This afternoon at around 4pm I get a text from a friend of mine asking what I was doing on WoW. Uhhhh..... I call him and ask what's up. He tells me he saw my level 80 Druid, Sabotai, online. Fuck...

So I go online and look over all on my possible choices. I email billing to inform them that my account was hacked. I try calling their 1-800 number for awhile, but just kept getting the "Sorry, we're busy" message. I try logging on to my Sabotai account, but keep getting asked for an Authenticator number. I never used an Authenticator (...perhaps I should have...). I try a password reset. I get an email to reset my password, change it, and try again. Still asking for an Authenticator.

Then I try my second account....it works. It seems the hackers only took one of my accounts.

So I log in, activate my second account, and head in game. I have to create a new toon since my dual-boxing was on a different server. Sure enough, Sabotai is still online. I ticket a GM and wait. I send several whispers to Sabotai to see if I could get a response, but of course I don't. Knowing my ticket won't be addressed for some time, I log off.

Having a one track mind, I can't let it go. I go food shopping. When I get home, I recheck the status of my email and log back in to see if the ticket was taken care of. Nothing. I study some French...recheck...I do some Japanese study....recheck....play my keyboard for awhile...recheck...watch videos on youtube...recheck...finally, at around 1am, I log in and see that the ticket will be taken care of soon. So I stay logged on, hoping to get to talk to a GM and have this resolved tonight.

Well, the message changes to "The ticket has been read and click for our response" or something like that after about a half hour. So I click it and the message is the a very long and polite message basically saying "I'm busy as a mofo, so I just referred this to billing. Expect something in 3-4 days." Oh well....I guess the gold farmer gets to farm gold for a few days.

But then I notice an email. A request to change my password. Perhaps the GM completely reset my account as well. So I change my password again, knowing that it probably won't work. It didn't before....but it does. I log into my battle.net account, see that it's active - that it was activated today.

So I log into WoW. First thing I notice is that I only have 3 characters on Lothar. That's not right. I should have 5 or 6. At least the 1 bank toon that is no longer there. Me logging in must have forced the other guy off because as soon as I log on to Sabotai, I hear the all too familiar sound of my toon being killed and then see it appear before a winged spirit healer. I let the spirit healer res me and I'm back in control!

My bags have some Frostweave cloth and some gray items in them. Although, not much gold. He was obviously farming Frostweave cloth. Since I was never going to play him again anyway, I sold off all my items, bought worthless NPC items with the gold and destroyed them. And then I deleted the character.

I log onto my low level alt to do the same. He had a bunch of auctions for Frostweave cloth come into his mail and had about 700 gold on him. Since they seemed to selling for 5 gold (and change) a stack, this 700 gold must have been his day's work.

So I buy up expensive NPC items and destroy them. All that farmed gold, gone in a matter of minutes. His full day's work was RUINED! I delete the alt toon as well. I also delete all of the characters on the account that are on other servers and then cancel the account. I then send a second email to billing to let them know it was me who deleted everything. Since this account was compromised, I'm never using it again, except to occasionally log in to make sure it hasn't been hacked again.

real Sabotai 1
gold farmer psuedo-Sabotai 0

At first, my main concern was that he somehow got a hold of my credit card info as well. However, the credit card he used was not mine (last 4 digits were different). I also looked all over my other battle.net account and did not find my CC info on any screen, except for the usual all-astericked-out version you see on receipts and other online accounts. Just to be sure, I've been checking my CC account throughout the night, and will probably continue to do so frequently for the next few weeks (more frequently that I usually do, which is a few times a week), but it seems like that is safe. But before I could get into my account, it was a concern and was the main reason I wanted this taken care of tonight.

So, now I get to go to bed, knowing that I ruined some gold farmer's day. Almost makes it worth it. Almost.

tl;dr : Some gold farmer hacked an old WoW account of mine. He spent all day farming gold only to have me get control of my account back, losing all of the gold he farmed.

[JediKooter]

Haha! Nice. Too bad you couldn't see his reaction when you did it. How does a Wow account get hacked anyway? Is it just random luck they get the right password to the account?

[Peregrine]

Great story! I had my WoW account hacked recently too, which is very strange since I hadn't used it in over a year, and hadn't been paying for it. I just got an email out of the blue from Blizzard indicating I had been banned for this and that. I just responded and told them that I hadn't officially paid for or had the account active in over a year - they took a look and were like - "Oh, yeah!"

Apparently someone was able to substitute their credit card info for mine and reactivate the account without me knowing about it - since I didn't intend to play WoW again it didn't really matter, and the credit card info on the account was no longer correct anyway since it had expired by this time.

[Lathum]

Umm, I have 3 toons on Lothar, could have used the gold, thanks...

[Fidatelo]

My account got hacked a month ago, it had been inactive for a couple of years. I still haven't resolved the situation yet, because they told me I had to call support and every time I call it tells me the volumes are too high and to call back another time. Part of me wants to resolve it just to 'get it back', but part of me doesn't really care enough to phone support every hour until I can get through.

Blizzard might want to look into upping their security if so many of us are getting hacked all of the sudden.

[Eaglesfan27]

I don't even play the game much, but I think my account has also been hacked. It's asking me for an authenticator key to get into my account management or my in-game log-in. Frustrating. I actually only checked either one because of this thread. I've emailed Blizzard support.

[cartman]

Evidently this is becoming a common occurrence.

Real threat in virtual battleground: hackers

[Lathum]

I don't wanna sound like a douche but just get an authenticator. They cost, like, 6 dollars then you never need to worry again.

[bulletsponge]

got mine hacked last december. the hacker put an authenticator onto it also. my bor who plays called me and told me someone was playing my too when a guildy told him about it.

[Eaglesfan27]

Quote:

Originally Posted by Lathum

I don't wanna sound like a douche but just get an authenticator. They cost, like, 6 dollars then you never need to worry again.

The last time I played, I don't even think the authenticators were an option. It's been a few months. Now, I can't get in because of that. Still no reply from Blizzard either.

[illinifan999]

Quote:

Originally Posted by Lathum

I don't wanna sound like a douche but just get an authenticator. They cost, like, 6 dollars then you never need to worry again.

There's a new virus out right now that is capable of getting accounts with an authenticator. So while still the best option against getting hacked, it's not as invulnerable as previously thought.

[Fidatelo]

Ya I'd never heard of an authenticator before this thread. But hey, why should I trust Blizzard to just keep my dormant account secure when I can pay them a few bucks for that luxury?

[Alan T]

Quote:

Originally Posted by Fidatelo

Ya I'd never heard of an authenticator before this thread. But hey, why should I trust Blizzard to just keep my dormant account secure when I can pay them a few bucks for that luxury?

I don't play these games, but the issue isn't necessarily the game's fault. Most of the time MMO accounts are hacked due to either poor passwords used by the end user or because of the end user getting hit with a virus on their system from web surfing.

It is reported that the vast majority of iframe exploits on web servers out there (even ones that have nothing to do with games or MMOs or WoW) have some form of payload which has the intention of stealing WoW (or other popular MMO) accounts.

The best way to protect against those type of attacks is of course disabling the ability to view iframes through an application like no-script. The last time I checked on this, there were over 3 million web sites on the internet that were unknowingly hacked with an iframe exploit like this one.

[saldana]

Quote:

Originally Posted by illinifan999

There's a new virus out right now that is capable of getting accounts with an authenticator. So while still the best option against getting hacked, it's not as invulnerable as previously thought.

there are rumors about this every few weeks on the WoW forums, and they are invariably BS...if there were a virus that could hack a random code like that, they would be using it to rob banks, not steal warcraft accounts.

the new thing is to hack your password and then add the authenticator to it since a single token or phone can be used for half a dozen accounts, so everyone here that said they logged in and were asked for a code would need to contact customer account services and if you want your account back they will likely ask for you to prove your identity.

@sabotai...too bad you didnt just mail all the gold to me or lathum...we have lots of toons on Lothar...Saldana the Druid could have used 800 gold!!!!

[Fidatelo]

Quote:

Originally Posted by Alan T

I don't play these games, but the issue isn't necessarily the game's fault. Most of the time MMO accounts are hacked due to either poor passwords used by the end user or because of the end user getting hit with a virus on their system from web surfing.

It is reported that the vast majority of iframe exploits on web servers out there (even ones that have nothing to do with games or MMOs or WoW) have some form of payload which has the intention of stealing WoW (or other popular MMO) accounts.

The best way to protect against those type of attacks is of course disabling the ability to view iframes through an application like no-script. The last time I checked on this, there were over 3 million web sites on the internet that were unknowingly hacked with an iframe exploit like this one.

So my browser got hacked and they stole my password from where exactly? I haven't used that account in 2 years. I don't have it stored anywhere. I don't think that's it.

I guess my password isn't uncrackable, but its not like my dogs name or something. I think they found some other way to get it.

[illinifan999]

Quote:

Originally Posted by saldana

there are rumors about this every few weeks on the WoW forums, and they are invariably BS...if there were a virus that could hack a random code like that, they would be using it to rob banks, not steal warcraft accounts.

It's been confirmed by a blizzard employee. Basically what it does is the next time you log-in after you've been infected, the game asks for your code. The virus "intercepts" it, sends it to another server and sends a wrong one to blizzard so you get an error. They then use the real code to access your account.

[CrimsonFox]

You'd think they would build some code into the front end to check for viruses and hacks on your system when wow boots up and tell you about it BEFORE you log in. Then again with some of the crap bugs and quests I've seen lately as well as some of the wonky interfaces as well as the "intelligence" of thinking Death Knights were a good idea, I don't think blizzard has it that together anymore.

[Alan T]

Quote:

Originally Posted by Fidatelo

So my browser got hacked and they stole my password from where exactly? I haven't used that account in 2 years. I don't have it stored anywhere. I don't think that's it.

I guess my password isn't uncrackable, but its not like my dogs name or something. I think they found some other way to get it.

What I posted might not have then been the reason you were hacked. From what I understand the common virus that i mentioned installs a keylogger which would likely have required you to have logged in the game. So if you haven't logged in then you possibly had some other method of having your account hacked.

Don't shoot me, I'm just trying to provide the information for people to understand the most common method that MMO game characters are stolen these days.