WowInterface.com email database has been compromised

[Dolby]

We aren't running that version of vbulletin and the version we are running is patched to the teeth. Thank you though.

[aalnydara]

Let me start by saying I am very careful protecting my real email address. Every website I visit that wants my email address gets a randomly generated address at a different domain that gets forwarded to my real address until I choose to delete it. WowInterface.com is no exception. I just received a WoW phishing email to the address registered with this site. So it's safe to say this is the only place they could have gotten the address.

The phishing email wasn't terribly clever. Here's the contents:

From: "World of Warcraft - Account Action Notification" <[email protected]>
Subject: World of Warcraft Billing Account Services
To: [email protected]
Content-Type: text/plain;charset="GB2312"
Date: Fri, 13 Aug 2010 19:16:22 +0800
X-Priority: 3
X-Mailer: FoxMail 3.11 Release [cn]
X-SOURCE-IP: [38.113.6.65]

Greetings

World of Warcraft -> Legal -> End User License Agreement
and Section 8 of the Terms of Use:
Blizzard Entertainment -> Legal -> Terms of Use
A 3-hour probationary suspension is pending on this account, awaiting confirmation from a spe******t. A final warning has been issued. The investigation will be continued by the Account Administration team to determine the any further suspensions. If the account in question is found in violation of the EULA and Terms of Use, further action will be taken. Be aware that any additional inappropriate actions may result in the permanent closure of the account.
Thank you for respecting our position on this matter.
==================================================================================================================
** We request that you verify your legitimate ownership of the account:
click Website <http://us.battele.info/login/login.xmlref=https=www.worldofwarcraft.com=accountapp=wamcir=true.htm> to proceed.

Blizzard staff will verify your account information submitted in two days, Please do not repeat to submit verify, please do not modify your account information during this time . It will not affect your game uptime.If you are unable to successfully verify your password . using the automated system, please contact Billing & Account Services at 1-800-59-BLIZZARD (1-800-592-5499) Mon-Fri, 8am-8pm Pacific Time or at [email protected]. Account security is solely the responsibility of the account holder. Please be advised that in the event of a compromised account, Blizzard representatives typically must lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.


Regards

The World of Warcraft Support Team Blizzard Entertainment

[yj589794]

your email address is listed on your public profile page

[Dolby]

Yes aalnydara, per your options you have your email address public in your profile on our site.

Options > Edit Options > Uncheck "Receive Email from Other Members".

[aalnydara]

My apologies. I didn't realize how that vBullentin feature worked. I assumed that by saying I would "allow email from other members" that if a member wanted to email me, it would be funneled through some sort of web form rather than giving them my email address outright.

Not that you guys have control over the vBulletin code, but the explanation for that feature would be more appropriately named "Allow other members to view your email address".

In any case, I've unchecked the box. Sorry for the hassle.

[Hangar]

I just got one of these emails, sent to an address I only ever gave to this site when I registered. 'Receive email from other members' is not checked in my profile. I put spaces in the phishing link and replaced my domain name with 'mydomainname':

Return-path: <[email protected]> Envelope-to: [email protected] Delivery-date: Sat, 14 Aug 2010 05:26:56 -0500 From: "World of Warcraft - Account Action Notification" <[email protected]> Subject: World of Warcraft Billing Account Services To: [email protected] Content-Type: text/plain;charset="GB2312" Date: Sat, 14 Aug 2010 18:30:54 +0800 X-Priority: 3 X-Mailer: Microsoft Outlook Express 6.00.2600.0000 Greetings World of Warcraft -> Legal -> End User License Agreement and Section 8 of the Terms of Use: Blizzard Entertainment -> Legal -> Terms of Use A 3-hour probationary suspension is pending on this account, awaiting confirmation from a spe******t. A final warning has been issued. The investigation will be continued by the Account Administration team to determine the any further suspensions. If the account in question is found in violation of the EULA and Terms of Use, further action will be taken. Be aware that any additional inappropriate actions may result in the permanent closure of the account. Thank you for respecting our position on this matter. ================================================================================================================== ** We request that you verify your legitimate ownership of the account: click Website <h tt p://u s.battele.info/login/login.xmlref=https=www.worldofwarcraft.com=accountapp=wamcir=true.htm> to proceed. Blizzard staff will verify your account information submitted in two days, Please do not repeat to submit verify, please do not modify your account information during this time . It will not affect your game uptime.If you are unable to successfully verify your password . using the automated system, please contact Billing & Account Services at 1-800-59-BLIZZARD (1-800-592-5499) Mon-Fri, 8am-8pm Pacific Time or at [email protected]. Account security is solely the responsibility of the account holder. Please be advised that in the event of a compromised account, Blizzard representatives typically must lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play. Regards The World of Warcraft Support Team Blizzard Entertainment

[Zasurus]

I got one to... Also do the same as a few of the users here and have my own domain with email address unique to the site and I have stated getting wow junk to this address. No other email address on the domain and that email address has only ever been entered into this site :-) Soz Oh and my email address has never been public! ;-)

Zas

[Cralor]

Though I do not know the specific date when WoWInterface got compromised, both of you seem to have had an account for quite a while now, so that could be the reason.

[seebs]

Yup, they hit me too. It's basically the same as the phishes I get to the address I used to use at wow dot net some years back, I believe.

The timing was impressively good -- I cancelled over Real ID, but I had just sent email to Blizzard within a few hours of when they sent their phish. Which is itself sort of interesting, but probably just coincidence.

[schmakk]

Originally Posted by Dolby Yes aalnydara, per your options you have your email address public in your profile on our site. Options > Edit Options > Uncheck "Receive Email from Other Members".

I have had an account for quite a while but this option isn't enabled and as far as i know, never have. I have within the last few weeks recieved two well crafted phising mails.
I'm using sneakemail.com, which means a randomly generated email address is used for every service i sign up for.
If there has been changes to default settings or anything like it, that might be why scammers got my address, but if not, something is very very wrong.

Edit: i do have "Receive Email from Administrators" enabled though...

[Seerah]

As mentioned earlier, the site was compromised a couple of years ago. Since your account is an old one, it is highly likely that this is where your emails stem from. Have you changed your email address for WoWI?

[Medlir]

I just got one to to my WoWI-only email as well, but yes my account is old, and no I haven't changed the address. Amazing it took them this long.

[schmakk]

Originally Posted by Seerah As mentioned earlier, the site was compromised a couple of years ago. Since your account is an old one, it is highly likely that this is where your emails stem from. Have you changed your email address for WoWI?

I dont think i changed it since i created the account, but i sure have now, while also disabling the old one. Did you send out an email about your compromise back then? It has completely gone over my head.

Unrelated: Did i just get a fullscreen popunder for partypoker when i clicked the text field on the reply page?

[Seerah]

If I recall correctly, there was a news post. But it was a while ago, I admit, and my memories aren't always the clearest.

[schmakk]

Originally Posted by Seerah If I recall correctly, there was a news post. But it was a while ago, I admit, and my memories aren't always the clearest.

Ah well, **** happens.

To anyone whos looking to avoid spam: sneakemail.com is 2$ a month and theres a free trial available. It works by giving you a new address every time you sign up for something, and forward mail from that address to your inbox. The mails are tagged so its clear where they come from and you can then delete or disable the address to stop the spam.

Sorry for the plug, but it's saved me from mishaps like this and untrustworthy services quite a few times now.

[Vuelhering]

I've been getting phishing spam to my wow interface email since the middle of august.

This is the first time I've logged in in ages, it's not available in my profile, and never has been since I created the account (unless it got changed against my permission). I came here simply to change that email address because all mail to that account is now being **canned.

[MidgetMage55]

Originally Posted by Seerah As mentioned earlier, the site was compromised a couple of years ago. Since your account is an old one, it is highly likely that this is where your emails stem from...

For the limit!

[Mordaki987]

the thing with all of this is that keyloggers and things that can be used for hacking purposes can also be placed unknowingly into a user interface itself. be it through an addon, or whatever the case may be. I should know since my wow account itself has been compromised not once but 4 times. and from my understanding and by word of mouth as well as email wowinterface.com is known to be hacked quite consistantly. at least that is what i have heard.

[Dolby]

Our email database was only compromised once, thats why you see every one with old accounts alerting us.

AddOns CAN NOT contain key loggers unless there is an exe or some executable file packaged with them. We manually moderate every upload to verify each file is safe. We dont even allow authors to package addons with executable files so there is no mistake.

[Vuelhering]

Originally Posted by Dolby Our email database was only compromised once, thats why you see every one with old accounts alerting us.

Yeah, I guess that old hack got resurrected by some jerk.

AddOns CAN NOT contain key loggers unless there is an exe or some executable file packaged with them. We manually moderate every upload to verify each file is safe. We dont even allow authors to package addons with executable files so there is no mistake.

As an addon author, this is 100% correct, minus some small epsilon such as an executable error in the Lua interpreter that's never been caught.

Your account was compromised 4 times because you ran unknown executable programs or were unfortunate enough to click on the wrong email link (sent by a goldseller site) or visit the wrong site. None of your issues were caused by wow addons.