WoWInterface


quasipolymath 03-31-10 03:34 PM

Near-instant account breach
 
I installed Minion last night, updated a few addons, logged in and out of WoW and went to bed. This morning, my battle.net creds were cleared, all of my toons had been logged into and my account was on temporary ban. Checking last login times indicates that it was less than three hours after I installed and used Minion. I'm livid. I should note that I would be less willing to point fingers if this hadn't happened on a fresh windows install on which I have only installed Symantec Endpoint, Firefox, WoW, Curse Client, and Minion. Everything else was installed over a week ago. Seriously, what the hell is going on here?

mankeluvsit 03-31-10 03:49 PM

Quote:

Originally Posted by quasipolymath (Post 183522)
I installed Minion last night, updated a few addons, logged in and out of WoW and went to bed. This morning, my battle.net creds were cleared, all of my toons had been logged into and my account was on temporary ban. Checking last login times indicates that it was less than three hours after I installed and used Minion. I'm livid. I should note that I would be less willing to point fingers if this hadn't happened on a fresh windows install on which I have only installed Symantec Endpoint, Firefox, WoW, Curse Client, and Minion. Everything else was installed over a week ago. Seriously, what the hell is going on here?

I don't even think Minion asks for your WoW credentials (I've never run it on my PC). But you should contact Blizzard about this, not wowui.

Petrah 03-31-10 03:50 PM

You most certainly did not get infected by using Minion. That's a guarantee.

I find it hard to believe that wow hackers will change overnight.. they have never hacked a wow account via a freshly infected machine. Keyloggers have always sat on an infected machine for several months before an account gets hacked into.

Gsusnme 03-31-10 03:59 PM

I would agree with Petrah, generally if your account info is stolen, you don't know about it until some time later.
Either this is a case of coincidental bad timing (e.g. your info was stolen 6+ months ago and they only JUST used the info and now to you it looks like something other than it is.); or this was some kind of very personal attack in which case you may want to look more closely at someone who may have had access to your pc, your wifi, or check for any physical key-loggers plugged into your machine.

And of course, contact Blizzard support A.S.A.P. and let them know what happened, and make sure you have changed your password.

quasipolymath 03-31-10 04:00 PM

Quote:

Originally Posted by mankeluvsit (Post 183529)
I don't even think Minion asks for your WoW credentials (I've never run it on my PC). But you should contact Blizzard about this, not wowui.

Thanks for the helpful reply, random person with no experience using minion. I have already run through the paces with Blizzard regarding my account. I came here, to the minion subforum, because the last thing I did before my account got hacked was to install minion. Apparently this was the wrong thing to do somehow?

quasipolymath 03-31-10 04:08 PM

Quote:

Originally Posted by Gsusnme (Post 183531)
I would agree with Petrah, generally if your account info is stolen, you don't know about it until some time later.
Either this is a case of coincidental bad timing (e.g. your info was stolen 6+ months ago and they only JUST used the info and now to you it looks like something other than it is.); or this was some kind of very personal attack in which case you may want to look more closely at someone who may have had access to your pc, your wifi, or check for any physical key-loggers plugged into your machine.

And of course, contact Blizzard support A.S.A.P. and let them know what happened, and make sure you have changed your password.

Done, done, and done. To respond: NOBODY could have had access to any of my hardware physically at 4:30 in the morning with me asleep in the next room of my own house, except my dog. I run pretty strict and redundant encryption/security on all of my pcs and my wifi. Running deep virus scanning multiple times this afternoon turned up nothing. This isn't surprising, since (as I said) I'm running on a fresh Vista install and (as I didn't say) I don't use that particular PC for anything but WoW, not even browsing the web. I have since changed my password and added an authenticator to the account.

HOWEVER. The last thing I did before all of this happened was install minion. 3 hours later, boom, account hack.

mankeluvsit 03-31-10 04:08 PM

Quote:

Originally Posted by quasipolymath (Post 183532)
Thanks for the helpful reply, random person with no experience using minion. I have already run through the paces with Blizzard regarding my account. I came here, to the minion subforum, because the last thing I did before my account got hacked was to install minion. Apparently this was the wrong thing to do somehow?

You are quite welcome, sir /sarcasm. As everyone else has stated, there would be no way that Minion did this; you were hacked/keylogged (just a guess) weeks ago, and they decided to take your account. Contact Blizzard. UNLESS you downloaded Minion from somewhere else. The possibilities are endless how your account got hacked.

Don't download third-party programs unless you know for sure where it's coming from.

http://forums.worldofwarcraft.com/th...32280066&sid=1
http://forums.wow-europe.com/thread....02690401&sid=1

ravagernl 03-31-10 04:20 PM

If you need to prove that Minion got your account credentials sent to someone else, you can go and open up the .jar files in a zip file manager (they are actually zip files renamed to .jar), and read through the code.

There is no way Minion gained your account credentials. Ask any java programmer, they will tell you the same.

Unless you downloaded Minion from a different site other than minion.mmoui.com, that is.
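
Added example (not part of ravagernl's post and not Minion's code): since a .jar is a zip archive, the review suggested above can start by listing which classes reference networking or process-spawning APIs in their constant pools. The archive built by `sample_jar` is constructed for the demonstration, and `WATCHED`, `scan_jar`, `_stub` and `sample_jar` are hypothetical names.

```python
import io
import struct
import zipfile

# Assumption: API name fragments a reviewer would want to read first.
WATCHED = ("java/net/", "javax/net/", "java/lang/Runtime", "java/lang/ProcessBuilder")
SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,  # tag -> payload bytes
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def utf8_constants(data):
    """Return every CONSTANT_Utf8 string in a class file's constant pool."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        raise ValueError("not a Java class file")
    count = struct.unpack(">H", data[8:10])[0]
    pos, index, out = 10, 1, []
    while index < count:
        tag, pos = data[pos], pos + 1
        if tag == 1:  # Utf8: u2 length followed by the bytes
            length = struct.unpack(">H", data[pos:pos + 2])[0]
            out.append(data[pos + 2:pos + 2 + length].decode("utf-8", "replace"))
            pos += 2 + length
        else:
            pos += SIZES[tag]  # KeyError on an unknown tag
        index += 2 if tag in (5, 6) else 1  # long/double occupy two slots
    return out

def scan_jar(jar):
    """Map each .class entry to the watched API names it references."""
    findings = {}
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            if name.endswith(".class"):
                hits = sorted({s for s in utf8_constants(zf.read(name))
                               if any(w in s for w in WATCHED)})
                if hits:
                    findings[name] = hits
    return findings

def _stub(strings):
    """Constructed sample: class header plus a Utf8-only pool (not loadable)."""
    pool = b"".join(b"\x01" + struct.pack(">H", len(s)) + s.encode() for s in strings)
    return b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 50, len(strings) + 1) + pool

def sample_jar():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("demo/Updater.class", _stub(["demo/Updater", "java/net/URL"]))
        zf.writestr("demo/Ui.class", _stub(["demo/Ui", "javax/swing/JFrame"]))
    return io.BytesIO(buf.getvalue())
```

A hit only says the class can reach that API; an addon updater needs java.net to download files, so the listed classes are where to start reading. Class names assembled at run time through reflection will not show up in this listing.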

Dolby 03-31-10 04:28 PM

Make sure to update your flash and adobe acrobat reader. Right now most keyloggers are taking advantage of people who have the older versions with the exploits to get their keylogger to you. Some hacked sites will start a pdf download that is infected, others display infected flash ads or site elements. So I would go to adobe.com and update flash and reader asap.

Also Minion will never have you enter your WoW account login info. Heck, it doesn't even run when WoW is running.

Like others said, it's Java and you can look at the source code yourself.

Make sure your virus/malware scanner is up to date and do a full scan. If it finds anything post all the information here so we can help you figure out where it came from.

Update: The latest scam going around is this: http://www.wow.com/2010/03/31/new-sc...gets-launcher/

notthepop 03-31-10 04:28 PM

If you had a fresh install of operating system, WoW and other addons... then I would look deeper into your old comp for the hacking code, virus or keylogger...

Shirik 03-31-10 04:34 PM

Did you change your password before reinstalling your OS?

It is rare that account data is acted upon immediately. Often times there are month-long gaps or more before your account is actually broken into. Changing passwords frequently goes a long way to act as a stop-gap.

I find it extremely unlikely that any program you installed would lead to your account being compromised overnight.

That being said I'm looking into the integrity of the components.

quasipolymath 03-31-10 04:43 PM

Quote:

Originally Posted by Dolby (Post 183543)
Make sure to update your flash and adobe acrobat reader. Right now most keyloggers are taking advantage of people who have the older versions with the exploits to get their keylogger to you. Some hacked sites will start a pdf download that is infected, others display infected flash ads or site elements. So I would go to adobe.com and update flash and reader asap.

Also Minion will never have you enter your WoW account login info. Heck, it doesn't even run when WoW is running.

Like others said, it's Java and you can look at the source code yourself.

Make sure your virus/malware scanner is up to date and do a full scan. If it finds anything post all the information here so we can help you figure out where it came from.

As per previous message, I don't have either a.) an old version of flash or b.) any version whatsoever of acrobat reader. On the malware scanner, I have a brand new and fully up-to-date enterprise version of Symantec Endpoint provided by my employer. Scanning with the most aggressive scan available returns nothing, as it shouldn't. The only pieces of 3rd party software on this rig are WoW, Firefox, the aforementioned virus utils, Curse Client, and Minion. I have only accessed the internet to download the above.

The only other pc I have ever used for WoW is my mac. This is my work computer and it is so aggressively locked down, it's laughable. Process scans have turned up no keyloggers. Also, I have never shared any information on anything with anyone and have never corresponded about my account online, even with Blizzard employees, until today.

Taking all this into account, I find it more than an odd coincidence that I install this software and suddenly I am hacked. Also, I should note that MMOUI minion does have a creds page in the options. I filled this in.

Update: I should also note that, despite suggestions to do so, I can't look at any of the minion source code because I wiped it, Curse, and my WoW install off of the PC. I'm not planning on putting anything else on the PC for a while.

Update 2: My account was reset at the battle.net level prior to any unauthorized access. I'm not sure if this is somehow significant.

mankeluvsit 03-31-10 04:45 PM

Quote:

Originally Posted by quasipolymath (Post 183548)
As per previous message, I don't have either a.) an old version of flash or b.) any version whatsoever of acrobat reader. On the malware scanner, I have a brand new and fully up-to-date enterprise version of Symantec Endpoint provided by my employer. Scanning with the most aggressive scan available returns nothing, as it shouldn't. The only pieces of 3rd party software on this rig are WoW, Firefox, the aforementioned virus utils, Curse Client, and Minion. I have only accessed the internet to download the above.

The only other pc I have ever used for WoW is my mac. This is my work computer and it is so aggressively locked down, it's laughable. Process scans have turned up no keyloggers. Also, I have never shared any information on anything with anyone and have never corresponded about my account online, even with Blizzard employees, until today.

Taking all this into account, I find it more than an odd coincidence that I install this software and suddenly I am hacked. Also, I should note that MMOUI minion does have a creds page in the options. I filled this in.

Out of the hundreds and thousands of users that Minion has, they decided to keylog you [;

ravagernl 03-31-10 04:45 PM

Quote:

Originally Posted by quasipolymath (Post 183548)
Also, I should note that MMOUI minion does have a creds page in the options. I filled this in.

These are the credentials used for wowinterface, not for world of warcraft. Even when it was for your wow creds, why would you fill them in? You don't seem to be the person that would do such a thing ;)

Dolby 03-31-10 04:51 PM

Shirik is going over the source code on our server. However, we haven't received any other reports yet. Also, malware/virus scanners would detect most keyloggers if one was somehow embedded in the software.

From the information you've given to me, it's either you were keylogged before your OS re-install and, since your login cred was the same after your OS install, your logged info was finally used by them. Thus not being able to find anything on your end after. Or you were tricked to enter your login cred somewhere other than the real location (which I doubt since you seem fairly up on things, but they can be tricky). Another possibility is if you use the same login/password on another site/game and that was compromised and they tried it on WoW.

I do agree that it's strange that it happened just as you installed those above programs. But I think at this point it's a big coincidence. Like I said, Shirik is checking the source code of our app and we will let you know. None of the checks in place server side shows a breach in our security.

quasipolymath 03-31-10 04:55 PM

Quote:

Originally Posted by mrruben5 (Post 183539)
There is no way Minion gained your account credentials. Ask any java programmer, they will tell you the same.

As a java programmer (and CS PhD) myself, I can say that you can't possibly stand by this statement.

quasipolymath 03-31-10 04:58 PM

Quote:

Originally Posted by Dolby (Post 183552)
Shirik is going over the source code on our server. However, we haven't received any other reports yet. Also, malware/virus scanners would detect most keyloggers if one was somehow embedded in the software.

From the information you've given to me, it's either you were keylogged before your OS re-install and, since your login cred was the same after your OS install, your logged info was finally used by them. Thus not being able to find anything on your end after. Or you were tricked to enter your login cred somewhere other than the real location (which I doubt since you seem fairly up on things, but they can be tricky). Another possibility is if you use the same login/password on another site/game and that was compromised and they tried it on WoW.

I do agree that it's strange that it happened just as you installed those above programs. But I think at this point it's a big coincidence. Like I said, Shirik is checking the source code of our app and we will let you know. None of the checks in place server side shows a breach in our security though.

You're probably right. It seems more likely that my password was obtained through social means rather than invasive ones. Thanks, guys. I appreciate everyone's responses.

quasipolymath 03-31-10 05:01 PM

Quote:

Originally Posted by mrruben5 (Post 183550)
These are the credentials used for wowinterface, not for world of warcraft. Even when it was for your wow creds, why would you fill them in? You don't seem to be the person that would do such a thing ;)

Likely due to a mix of 2am and stupid. To be fair, a lot of stupid. ;)

ravagernl 03-31-10 05:01 PM

Quote:

Originally Posted by quasipolymath (Post 183554)
As a java programmer (and CS PhD) myself, I can say that you can't possibly stand by this statement.

Heh, you're right. But what I meant was, if you can find the malicious code in Minion, please post where you found it. I should have used the words that Minion most likely has not gained your account credentials.

quasipolymath 03-31-10 05:05 PM

Quote:

Originally Posted by mrruben5 (Post 183560)
Heh, you're right. But what I meant was, if you can find the malicious code in Minion, please post where you found it. I should have used the words that Minion most likely has not gained your account credentials.

True. I probably put my password somewhere it didn't belong. Sorry for coming across as a douche.


All times are GMT -6.