This site makes extensive use of JavaScript.
Please
enable JavaScript
in your browser.
Live
PTR
Beta
Classic
Increase in Hacked Accounts: Cause for Concern?
Post Reply
Return to board index
Post by
MasterOfDisguise
As someone who's been reading and posting in Blizzard's
Customer Service Forum
for over a year now, I can tell you that I've seen my fair share of complaints. Sadly, though, I've been noticing an increase in one particular thing—the amount of accounts that have been compromised or "hacked."
Should this be a cause for concern? With the number of compromised accounts increasing by the day, in spite of the numerous warnings Blizzard has put out, maybe it's time to both clear up the misconceptions as to how an account can become compromised and remind ourselves what we can do to prevent a compromise from happening—or for some of us, from having it happen again.
First off, I want to discuss how an account can become compromised.
Note: It seems that some people have formed conspiracy theories and thought that when their account was hacked, it was because Blizzard itself was hacked. This is false! Not only did Blizzard relinquish itself of account security in its Terms of Use, it is also legally obligated to inform its customers if an internal security breach has occurred. Given that no such announcement has been made, it's safe to assume that this hasn't happened.
Now that we've gotten that out of the way, let's go back to our original discussion: the hows.
If I were to simplify the problem of how an account can get compromised, it would come down to these two categories: knowingly giving away your login information, and unknowingly giving away your login information. But (being the nice person I am) I am going to expand on these two ideas and explain the different ways in detail.
Let's start!
Knowingly Giving Away Your Login Information
As per Blizzard's Terms of Use, account holders are only allowed to share their login information with one minor of whom they are the parent or legal guardian. As evidenced by the increased amount of hacked accounts, sharing this confidential information with anyone else puts your account's security at risk—with possibly devastating results.
Usually, the people with whom account holders share their information are siblings or other immediate family members and friends, but this can also be with power-leveling services. Either one can potentially cause your account to become compromised, but the latter can also be associated with a number of other problems. Think about it: Buying gold or power-leveling services is usually done with credit cards. By supplying your credit card number and your name to these disreputable companies, you're opening up yourself to the possibility of credit card fraud and identify theft as well as a stolen WoW account—and even if you avoid all these consequences, you still run the risk of your account being banned.
Unknowingly Giving Away Your Account Information
The second—and maybe the most common—way that accounts can become compromised is if someone logs into an account on a computer which, unbeknown to that person, contains a malicious program designed to steal account information. This doesn't have to be limited to your computer; it can also be a friend's computer, a family member's computer, or even a public computer.
Another common way that accounts can become compromised (and one that, unfortunately, I've seen too often) is becoming a victim to a phishing scam. Phishing scams usually come in the form of e-mails, and they are official-looking letters that ask you to provide your account name, password, or other information. They spoof the "from" e-mail address to look legitimate, and often threaten to penalize your account unless you surrender the information. In case you'd like to see some examples of phishing scams to prepare yourselves, here's the direct link:
http://forums.worldofwarcraft.com/thread.html?topicId=965511383&sid=1
A more recent phishing scam that's been popping up recently is when characters with names such as "Blizzard," "Wowbilling," or other alleged aliases of official Blizzard employees (or in some cases other sites, as recently occurred with
MMO-Champion
randomly whisper players asking them to visit some site to claim a prize (usually a mount)). The names sometimes contained accented letters to circumvent the restriction on the otherwise blocked names. This has been a frequent occurrence for well over a month now, and it seems that this tactic is mostly ineffective because the messages are delivered with poor grammar, spelling, and punctuation. Nevertheless, I felt it was still worth mentioning, as
nothing
is foolproof to a sufficiently talented fool. If you're contacted in-game by one of those scammers, you're more than welcome to report them using the "Report as Spam" feature and report the malicious site in an e-mail to hacks@blizzard.com.
Now that we've established how accounts can be compromised, let's move on to the prevention strategies and what to do when your account has been compromised.
The Key to Prevention
One of the easiest ways to prevent your account from being compromised is to keep your account information a secret. As much as we all want to let our friends and family access our accounts, in most cases it simply isn't worth it. Would you trust them to keep your account secure? Or, for that matter, would you trust them to not go into your account and delete your level 80 character if you happen to get into an argument? Or worst of all, would you trust them not to fall for an existing scam?
The other way to prevent your account from becoming compromised—and this is probably harder for some people—is to practice good security habits (browsing habits, etc). A Game Master on Blizzard's Customer Service Forum wrote a sticky thread with some excellent information, so to make it convenient for everyone I'll be quoting the information here. If you'd rather view the original thread, though, here's the link:
http://forums.worldofwarcraft.com/thread.html?topicId=14318909866&sid=1#2
Once your account is secure, it's good to establish habits which can help you keep it this way. While there are many methods by which to maintain the security of an account, here are some tips to get you started:
Complete operating system updates regularly (preferably as they become available).
If you use Firefox, install NoScript and run it consistently while browsing.
Run antivirus and anti-spyware scans weekly.
Never willfully share your login and password. Even friends, family, and significant others can place your account at risk.
Be aware of "phishing" emails and websites, and do not to respond to any invalid requests. Remember that a Blizzard Employee will never ask for your password.
Monitor the availability of your email address and do not post it publicly.
Additional information can also be found here:
http://us.blizzard.com/support/article.xml?articleId=20572
Another good tip would be to make an investment in a Blizzard Authenticator. Some links that provide information about them has been provided below:
http://www.blizzard.com/store/search.xml?q=authenticator
http://us.blizzard.com/support/article.xml?articleId=24660
http://us.blizzard.com/support/article.xml?articleId=24987
All in all, I think it's time we step up to the plate and take responsibility for our actions. We must not forget that keeping our account information a secret and our accounts and computers secure is
our
job, not Blizzard's. And if your account is compromised, the least you can do is be grateful that Blizzard will be happy to try to recover every single loss. I don't know how many people are aware of this, but Blizzard is one of the few (if not, the only) MMO companies that actually help its customers whose accounts have been hacked. The other MMO companies pretty much tell you in these cases, "It's your own fault, not yours. Start over."
Now that the wall of text is over…
What security habits do you practice?
This can include browser of choice, web browsing habits, etc. Also,
do you have any other tips that can help players prevent account compromises from happening?
And on a final note,
do you think players should take more responsibility for keeping their account secure?
Post by
tidus4eva
One way that I keep secure is I stay away from clicking on any adverts or websites that look dodgy.
To help me with this, I will usually use Google and type the name of the suspicious site and see what results - if there's forum posts or reviews saying this site is dodgy, then I'll avoid it completely and (occasionally) report it.
And if I see an advert that interests me, I'll google it and click the specific result directly linking to the site, rather than clicking on the ad itself. I know it results in a loss of page ad click for the domain owner, it's for my own protection.
Post by
296147
This post was from a user who has deleted their account.
Post by
Blackboy0
My cousin, an avid WoW player for 2 years, got his Account hacked today. We were actually at a family gathering, and we were talking about Class specs and which were the best and overpowered and nerfed too much. He has a Hunter, and I have a Rogue, so we have sort of different views.
When I got home, I got a call from him and he said that his account was hacked. He had
never
given his information out, he never compromised it in anyway. Maybe Blizzard's crapping out some how? He's trying to get his information right now.
Post by
caboosefanatic
My cousin, an avid WoW player for 2 years, got his Account hacked today. We were actually at a family gathering, and we were talking about Class specs and which were the best and overpowered and nerfed too much. He has a Hunter, and I have a Rogue, so we have sort of different views.
When I got home, I got a call from him and he said that his account was hacked. He had
never
given his information out, he never compromised it in anyway. Maybe Blizzard's crapping out some how? He's trying to get his information right now.
The second—and, perhaps, the most common—way that accounts can become compromised is if someone logs into an account on a computer which, with or without their knowledge, contains a malicious program designed to steal account information.
Post by
justinc
Just use a little common sense. It
truly
goes a long way. As uncaring as it may sound, I truly have no pity for people who fall victim to phishing or keyloggers.
Post by
adashiel
Please don't quote links to bad sites. You'd think that would be a no-brainer by now.
Post by
349103
This post was from a user who has deleted their account.
Post by
270853
This post was from a user who has deleted their account.
Post by
Helikon
Just use a little common sense. It
truly
goes a long way. As uncaring as it may sound, I truly have no pity for people who fall victim to phishing or keyloggers.
^ this, Anyone who gets hacked, keylogged, phised, ect probably deserved it. Gold selling site, wow cheating site, banner adds. You have to be rightfully dense to give out your account info.
if it happens to you, sorry lol should have known better.
Post by
Blackboy0
My cousin, an avid WoW player for 2 years, got his Account hacked today. We were actually at a family gathering, and we were talking about Class specs and which were the best and overpowered and nerfed too much. He has a Hunter, and I have a Rogue, so we have sort of different views.
When I got home, I got a call from him and he said that his account was hacked. He had
never
given his information out, he never compromised it in anyway. Maybe Blizzard's crapping out some how? He's trying to get his information right now.
The second—and, perhaps, the most common—way that accounts can become compromised is if someone logs into an account on a computer which, with or without their knowledge, contains a malicious program designed to steal account information.
Yes, that's what I'm thinking. He bought a Guide, and I think it held a keylogger. He seems to think otherwise, but I'd like to take a look at the guide and see...
Post by
Atli
Another great way to avoid key-loggers and other virus-like threats: Do not use Internet Explorer.
Most such threats are targetted at IE, and a lot of them can be avoided by simply not using it.
Try one of:
Firefox
,
Chrome
,
Opera
or even
Safari
.
All of which are far superior to IE in prettu much every way. (Arguably)
Firefox also has a lot of addons that can help with security, such as NoScript and AddBlock.
Post by
375298
This post was from a user who has deleted their account.
Post by
Shigy
All of these are fantastic tips but really for about $15 (not 100% sure on the price) you can get a blizzard authanticator and then no one is getting onto your account who doesn't have it. Every 30 seconds it generates a new code that only lasts for 2 minutes. When you login you need your normal username and password and then this code.
Post by
fireproof52
Only using a select few sites, not clicking any links until I can absolutely confirm that it's safe, and last but not least, the power of a virus scan once in a while.
I've kept the same password for 2 years, no blizz authenticator, never once gotten hacked.
Post by
SignupSucks
Phishing scams usually come in the form of e-mails, and they are
official-looking letters
that ask you to provide your account name, password, or other information.
I snerked. I honestly cannot possibly understand how anyone could be taken by the scams I have seen. None of them were even remotely believable, and not just because 90% of the time the grammar and spelling was utterly atrocious.
This also reminds me of another, more generally targeted scam, involving bank account information and text messages. Individuals would receive a text message from their 'bank' asking them to reply with their account information. I was floored that this could possibly be a successful scam (even as low as 1% or .1% success rate): what the hell bank is going to correspond using
text messaging
?
Unfortunately, no one ever went broke underestimating the stupidity of the human race. It is just unbelievable what people can believe.
Post by
Atli
I snerked. I honestly cannot possibly understand how anyone could be taken by the scams I have seen. None of them were even remotely believable, and 90% of the time the grammar and spelling was utterly atrocious.
Perhaps that is a part of the scam... Only making one out of ten scams remotely believable will make that one scam that much more believable.
Might get people thinking: "Hey, this doesn't look like the other scams. Maybe this is legit!"
But then again: "Only two things are infinite: the universe and human stupidity. And I'm not even sure about the first one."
(Can't remember the exact quote, but that's close enough.)
Post by
Helikon
I snerked. I honestly cannot possibly understand how anyone could be taken by the scams I have seen. None of them were even remotely believable, and 90% of the time the grammar and spelling was utterly atrocious.
Perhaps that is a part of the scam... Only making one out of ten scams remotely believable will make that one scam that much more believable.
Might get people thinking: "Hey, this doesn't look like the other scams. Maybe this is legit!"
But then again: "Only two things are infinite: the universe and human stupidity. And I'm not even sure about the first one."
(Can't remember the exact quote, but that's close enough.)
Honestly, the people that give there account info away to those types of emails need to get there heads checked. Not to even point out the obvious spelling and lack of grammar in there questions and emails. But anyone who has ever had a shred of life experience would know that giving someone your password and account name, email and what ever else they ask for. Is obviously not going to use it for anything good. All i can ask my self in the 3+ years of playing WoW, is Really? You actually told them your PW? Really? Can i have your SSN and date of birth to?
lol
Post by
vexis58
A coworker of mine apparently got his account hacked / characters deleted while he was on vacation last week. Through the conversation, I heard him say both "I thought it was because Blizzard found out I had bought gold in the past," and "I have no idea how this could have happened!"
Seriously? You're just asking for it. All of the stories I've ever heard of people getting their accounts hacked lead back to them buying gold or leveling "services" or doing other similarly dumb things.
Just get an authenticator. They're like five bucks. Or free as an iPhone app.
Post by
DSitC
Surfing the internet carefully?
Check!
Don't give away my account data?
Check!
Use a hard password that can't be hacked by a dictionary attack?
Check!
Use an authenticator?
Check!
I feel pretty safe! ;-P
Post Reply
You are not logged in. Please
log in
to post a reply or
register
if you don't already have an account.
© 2021 Fanbyte
