Thread Tools Display Modes
07-04-10, 01:13 PM   #41
AxnJackson11
A Fallenroot Satyr
Join Date: Oct 2009
Posts: 28
mine is escalted also. they responded quickly, about 5min after reporting it, it was escalted. now to play the waiting game.
  Reply With Quote
07-05-10, 07:17 AM   #42
Flarin
A Frostmaul Preserver
 
Flarin's Avatar
AddOn Author - Click to view addons
Join Date: Mar 2006
Posts: 290
No update as of yet - I did get the authenticator working on my Blackberry - so I have an extra layer of protection so to speak.
__________________

"I will crush and destroy and...ooo...shiny..."

  Reply With Quote
07-07-10, 10:54 AM   #43
Flarin
A Frostmaul Preserver
 
Flarin's Avatar
AddOn Author - Click to view addons
Join Date: Mar 2006
Posts: 290
Incompetent? Maybe....

Okay - today I get 2 emails.

Email to original email address that was hacked:
We apologize for any inconveniences you are experiencing with your World of Warcraft account. Unfortunately, the e-mail address used to contact us is not registered to the account in question. For privacy and security reasons, we are only able to discuss the account through the registered email address.
To the new email address that I changed my account to because I was hacked:
Battle.net Account - Password Reset

We have reset the password for the Battle.net account associated with this email address. To choose a new password, please click the following link and follow the instructions:
and then...
Battle.net Account - Password Reset

We have reset the password for the Battle.net account associated with this email address. To choose a new password, please click the following link and follow the instructions:
So - I ask you - wth? Honestly - this is possibly the breaking point. I was playing the game 20 minutes ago - I logged off then I get these emails - now I cannot log in. So I am on hold waiting for support - AGAIN. What kind of service is this from a company that rakes in 20,000,000 * ~$15 per month? Are you serious? This is just misery. If anyone from Blizz sees this - throw me a bone huh? What am I to do?
__________________

"I will crush and destroy and...ooo...shiny..."

  Reply With Quote
07-07-10, 11:30 AM   #44
Bluspacecow
Giver of walls of text :)
 
Bluspacecow's Avatar
AddOn Author - Click to view addons
Join Date: Dec 2006
Posts: 770
I would make a polite post on the CS forums to find out what's going on.

It's possible they're in the process of restoring things for you and have kicked your account as a safety measure. Did you find anything untoward on your computer ? I've known them to ban an account if it keeps getting compromised not long after they reset your password and stuff. A security measure they do as it's possible the keyloggers still on your computer.

It's also possible a mistake has been made - although those are copy and pasted answers it still requires a human to clicky clicky the buttons.

But you'll never know unless you ask them there. Be sure to include your toon name and realm name you are on. Certain Blizzard posters there have been known to update you on how your case is going.

I know it's frustrating but trust me. If your nice and polite you should get some help on the Customer Service forums.
__________________
tuba_man on Apple test labs : "I imagine a brushed-aluminum room with a floor made of keyboards, each one plugged into a different test box somewhere. Someone is tasked with tossing a box full of cats (all wearing turtlenecks) into this room. If none of the systems catch fire within 30 minutes, testing is complete. Someone else must remove the cats. All have iPods." (http://community.livejournal.com/tec...t/2018070.html)

Last edited by Bluspacecow : 07-07-10 at 11:35 AM.
  Reply With Quote
07-07-10, 12:40 PM   #45
Shefki
An Aku'mai Servant
 
Shefki's Avatar
AddOn Author - Click to view addons
Join Date: Jan 2007
Posts: 31
A big suggestion I can make for people to keep themselves safe is as follows:

If you use gmail or some other mail services (check with your mail provider) you can use sub addressing.

Say you email address for blizzard is [email protected]. You'd turn it into [email protected]. The services that support this will ignore anything after and including the plus in the username. This secret becomes an additional level of security in your login name. Even if someone knows your email address they don't know the +secret.

It also serves to validate email easily coming from Blizzard. As long as you never give out the +secret to anyone else, only you and Blizzard know it. If you get legitimate email from Blizzard it will be sent to that address.

I get a lot of phissing mail addressed to my email addresses I use on various fan sites, but the only mail I ever get to [email protected] is fully legit mail from Blizzard.

Additionally, you can change the +secret at any time. Want to give people you address to add as friends change it briefly to something else, let them add you and change it back. Change it weekly if you're really paranoid. Change it anytime you feel threatened.

Outside of the various vulnerabilities floating around, I'm pretty sure the phising emails are their most successful tool. It's easy to fall for one even if you know what you're doing. Here's an explanation of how a knowledgeable person got phised:
http://www.boingboing.net/2010/05/05...t-phished.html

Last edited by Shefki : 07-07-10 at 12:44 PM.
  Reply With Quote
07-07-10, 11:47 PM   #46
Bluspacecow
Giver of walls of text :)
 
Bluspacecow's Avatar
AddOn Author - Click to view addons
Join Date: Dec 2006
Posts: 770
Originally Posted by Shefki View Post
Say you email address for blizzard is [email protected]. You'd turn it into [email protected]. The services that support this will ignore anything after and including the plus in the username. This secret becomes an additional level of security in your login name. Even if someone knows your email address they don't know the +secret.
Hey nice tip.

I might do that for mine too. Got a URL explaining how to do it on gmail.com ?

does this mean i enter [email protected] when logging into the forums or battle.net ?
__________________
tuba_man on Apple test labs : "I imagine a brushed-aluminum room with a floor made of keyboards, each one plugged into a different test box somewhere. Someone is tasked with tossing a box full of cats (all wearing turtlenecks) into this room. If none of the systems catch fire within 30 minutes, testing is complete. Someone else must remove the cats. All have iPods." (http://community.livejournal.com/tec...t/2018070.html)
  Reply With Quote
07-08-10, 12:53 AM   #47
MidgetMage55
Grinch!
 
MidgetMage55's Avatar
AddOn Author - Click to view addons
Join Date: Feb 2007
Posts: 1,498
I just read up on this a few moments ago and sent myself a test email which worked perfectly. The only thing im not sure of is if i wish to use this for my log in as Blue asked do i set that up as my actual email address with battle.net?
__________________

I think Hong Kong Phooey was a ninja AND a pirate. That was just too much awesome. - Yhor
  Reply With Quote
07-08-10, 01:25 AM   #48
Noxarious
Premium Deadmeat
 
Noxarious's Avatar
Premium Member
AddOn Author - Click to view addons
Join Date: Jul 2008
Posts: 4
Flarin one of friends got hacked, a GM told her husband to try to start a scan while wow launcher was active and they did indeed find the infection, maybe you should try the same thing. Start full scans with your anti-virus, ad-aware, spybot S&D, malwarebytes.

edit: heck even housecall

Last edited by Noxarious : 07-08-10 at 01:32 AM.
  Reply With Quote
07-08-10, 03:18 AM   #49
Bluspacecow
Giver of walls of text :)
 
Bluspacecow's Avatar
AddOn Author - Click to view addons
Join Date: Dec 2006
Posts: 770
Originally Posted by MidgetMage55 View Post
I just read up on this a few moments ago and sent myself a test email which worked perfectly. The only thing im not sure of is if i wish to use this for my log in as Blue asked do i set that up as my actual email address with battle.net?
I wrote a guide up on how to change your parental controls that would of helped here. Can't seem to find it so I get to write one just for you

0) Make sure you are logged out of game.

1) Decide what you want your email address to be

Possibly the hardest bit.

2) Log on to http://battle.net

This should redirect to your local battle.net either us.battle.net , eu.battle.net or w/e else for the parts of the world not covered by those 2 domains (I think theres a korean and chinese one as well)

3) Under "My Profile" there will be a Change E-mail Address in blue text

https://us.battle.net/account/manage...nge-email.html

Is the direct link.

Fill it out with your old email , new one , password and answer to your secret question.

4) You'll get an email on the new email address and the old email address.

Basically confirmation emails

5) Click the confirmation links in your email and it's changed.

Once you've done all this it will be changed on the forums and in game pretty much instantly.

I had to do this about a week back when testing how the Parental Controls would work with changing your email. It literally took about 2-3 minutes each time to change it over. I changed it to a different email and back again.

It's a feature of battle.net that doesn't get advetised often enough IMHO.
There doesn't appear to be anything prominent about it on Blizzard's security site (https://us.battle.net/security/help.html)

This little feature means it's possible given the right equipment and software to change your login details several times per day without any assistance from Blizzard. I've not tested it but in theory if you were running your own mail server you can auto-generate a list of 24 random email addresses that you don't use again and change your login name .... by the hour.

Not sure if this would raise any flags with Blizzard but there you go
__________________
tuba_man on Apple test labs : "I imagine a brushed-aluminum room with a floor made of keyboards, each one plugged into a different test box somewhere. Someone is tasked with tossing a box full of cats (all wearing turtlenecks) into this room. If none of the systems catch fire within 30 minutes, testing is complete. Someone else must remove the cats. All have iPods." (http://community.livejournal.com/tec...t/2018070.html)
  Reply With Quote
07-08-10, 03:40 AM   #50
Bluspacecow
Giver of walls of text :)
 
Bluspacecow's Avatar
AddOn Author - Click to view addons
Join Date: Dec 2006
Posts: 770
Originally Posted by Noxarious View Post
Flarin one of friends got hacked, a GM told her husband to try to start a scan while wow launcher was active and they did indeed find the infection
^^ This

And also start it when you have world of warcraft up and something typed into the login and password box.

Many keyloggers will monitor system events in some way to make them undetectable until you have something typed into those fields.

Also despite common misconceptions copying and pasting your password does nothing to defeat a keylogger.

Getting the contents of the pasteboard (which is the area of your computer where copied stuff goes for pasting) is fairly trivial in most computer languages. It's just assigning a value to a variable. In programming terms its actually harder to figure out what to name a function call or variable then it is to get the contents of the pasteboard.

if it's that easy then you can bet your bottom dollar a keylogger would include code to do this. Not really that hard once you think about it just wait till wow.exe is active then grab the contents of the keyboard at a particular point.
__________________
tuba_man on Apple test labs : "I imagine a brushed-aluminum room with a floor made of keyboards, each one plugged into a different test box somewhere. Someone is tasked with tossing a box full of cats (all wearing turtlenecks) into this room. If none of the systems catch fire within 30 minutes, testing is complete. Someone else must remove the cats. All have iPods." (http://community.livejournal.com/tec...t/2018070.html)
  Reply With Quote
07-08-10, 08:42 AM   #51
Noxarious
Premium Deadmeat
 
Noxarious's Avatar
Premium Member
AddOn Author - Click to view addons
Join Date: Jul 2008
Posts: 4
Originally Posted by Bluspacecow View Post
This little feature means it's possible given the right equipment and software to change your login details several times per day without any assistance from Blizzard. I've not tested it but in theory if you were running your own mail server you can auto-generate a list of 24 random email addresses that you don't use again and change your login name .... by the hour.
you dont need to generate anything, you just type the tag you want associated with you.

So for instance.

[email protected]
[email protected]

Both mail will be send to [email protected], I don't need to create new email accounts or anything this thing is called sub addressing for a reason.
http://en.wikipedia.org/wiki/E-mail_...Sub-addressing
  Reply With Quote
07-08-10, 02:58 PM   #52
Bluspacecow
Giver of walls of text :)
 
Bluspacecow's Avatar
AddOn Author - Click to view addons
Join Date: Dec 2006
Posts: 770
Originally Posted by Noxarious View Post
you dont need to generate anything, you just type the tag you want associated with you.

So for instance.

[email protected]
[email protected]
So no need to set up anything with your email provider then ?

You don't need to register or fill out any forms just use it?

O_O oh mee gawd that's cool

I could go :

[email protected] , [email protected], [email protected], [email protected], [email protected]

etc etc etc etc without having to set up new email addreses. And if wanted to log on the forums or the game I would use the particular sub addressing I had for b.net at the time ?
__________________
tuba_man on Apple test labs : "I imagine a brushed-aluminum room with a floor made of keyboards, each one plugged into a different test box somewhere. Someone is tasked with tossing a box full of cats (all wearing turtlenecks) into this room. If none of the systems catch fire within 30 minutes, testing is complete. Someone else must remove the cats. All have iPods." (http://community.livejournal.com/tec...t/2018070.html)
  Reply With Quote
07-08-10, 03:03 PM   #53
Cralor
Mmm... cookies!!!
 
Cralor's Avatar
AddOn Author - Click to view addons
Join Date: Jun 2007
Posts: 772
Thing is... you cannot log in with a sub-address. Only if you registered using it.
__________________
Never be satisfied with satisfactory.
  Reply With Quote
07-08-10, 03:11 PM   #54
Bluspacecow
Giver of walls of text :)
 
Bluspacecow's Avatar
AddOn Author - Click to view addons
Join Date: Dec 2006
Posts: 770
Originally Posted by Cralor View Post
Thing is... you cannot log in with a sub-address. Only if you registered using it.
Awwww can't you ?

Have you tried that ?

Not to be an ass or anything it's just that if you've tried it saves me from having to go test it myself.
__________________
tuba_man on Apple test labs : "I imagine a brushed-aluminum room with a floor made of keyboards, each one plugged into a different test box somewhere. Someone is tasked with tossing a box full of cats (all wearing turtlenecks) into this room. If none of the systems catch fire within 30 minutes, testing is complete. Someone else must remove the cats. All have iPods." (http://community.livejournal.com/tec...t/2018070.html)

Last edited by Bluspacecow : 07-08-10 at 03:13 PM.
  Reply With Quote
07-08-10, 03:50 PM   #55
Cralor
Mmm... cookies!!!
 
Cralor's Avatar
AddOn Author - Click to view addons
Join Date: Jun 2007
Posts: 772
Originally Posted by Bluspacecow View Post
Awwww can't you ?

Have you tried that ?

Not to be an ass or anything it's just that if you've tried it saves me from having to go test it myself.
Tried www.battle.net

On the topic of security... check out: http://cgullz.com/2010/07/keyscrambler/
__________________
Never be satisfied with satisfactory.

Last edited by Cralor : 07-08-10 at 04:06 PM.
  Reply With Quote
07-21-10, 02:36 PM   #56
Noxarious
Premium Deadmeat
 
Noxarious's Avatar
Premium Member
AddOn Author - Click to view addons
Join Date: Jul 2008
Posts: 4
Originally Posted by Bluspacecow View Post
So no need to set up anything with your email provider then ?

You don't need to register or fill out any forms just use it?

O_O oh mee gawd that's cool

I could go :

[email protected] , [email protected], [email protected], [email protected], [email protected]

etc etc etc etc without having to set up new email addreses. And if wanted to log on the forums or the game I would use the particular sub addressing I had for b.net at the time ?
Yes that is indeed the idea behind sub addressing/tagging

You can indeed use sub addressing if you just change your battle.net account email address.
  Reply With Quote
07-21-10, 03:37 PM   #57
elals29
A Wyrmkin Dreamwalker
 
elals29's Avatar
Join Date: Mar 2008
Posts: 57
I also its a great idea to have an email address JUST for wow.
  Reply With Quote
08-13-10, 09:01 AM   #58
Bluspacecow
Giver of walls of text :)
 
Bluspacecow's Avatar
AddOn Author - Click to view addons
Join Date: Dec 2006
Posts: 770
Originally Posted by Fenixhawk View Post
I realize that this is a very late reply, but I just found your post now by accident and I feel your pain. The common reply is always, "Check your PC - you're infected", but that's not always the case.
Because the EULA and TOS states that you are responsible for your login information.
Your PC is probably fine, but there is something that most users don't know about or don't care to admit: Blizzard employs many internal investigations staff who investigate internal employees for credit card and account fraud.
How is this proof that it isn't your PC ?

Yes they have an internal QA team watching over employee's actions. But it's no different from the audit teams employed at every large corporation. I used to work for a large corporation , Telecom NZ.

And yes they undertook regular audits of everything their employees did on a regular basis. Let me put it this way - would you prefer they didn't audit anything their employees did ? That they could do whatever they liked with no one to watch over them and make sure they weren't getting into mischief ? You would have the same situation when they made certain EQ players into admins (Cowboys btw)
Interesting article that one.

Easy read , fairly well set out , very well researched.

Only one problem though - in seven posts there is very little in the way of evidence in support of his arguments or even to refute the arguments he said he was going to refute. He does that trick where he quotes a statistic out of some study on Corporations but offers little in the way of hard evidence linking any breaks in user security on Blizzard's end.

His counterpart to the "Blizzard has never been hacked" argument ? "Nothing is perfect" ... along with no evidence of this ever happening.

His evidence of Blizzard experiencing internal problems due to employee fraud? Re-interpretation of 3 former Blizzard employees hyperbole on their linkedin profiles. Most of these job experience is listed from 2 years ago btw.

Part 7 is laughable - he links a interview with a former employee from December 2008! Again he uses the "you are wrong" without any evidence to back it up.

I will admit tho. The graph on part 2 is interesting but only because I'm too lazy to confirm his figures on no. of subscriptions to hacked accounts. Not sure about the federal and state laws saying that if Blizzard were compromised they would have to tell their customers. But they have been quoted several times on the CS forums by posters who had to research them , possibly lawyers.

His two central arguments seems to concentrate on (a) a perceived increase of hacked accounts posts in the forums and (b) old accounts being hacked.

Well the biggest reason for (a) is because you can now petition to get an authenticator a hacker has placed on your accounts by posting in the forums. That and "Red Car" syndrome.

IE Before you own a Red Car you don't see or notice red cars on the road that much. Then when you do buy one you start noticing them on the road as they are similar to yours. This is exactly what happens when someone gets hacked - you suddenly start taking notice of all the other "i've been hacked" posts just like yours and zomg it's an epidemic.

Trust me I read the CS forums twice per day , almost too much to be healthy. I've not noticed any large increase in "hacked" accounts.

IMHO this blog is just spreading Fear & uncertainty. With very little evidence.
__________________
tuba_man on Apple test labs : "I imagine a brushed-aluminum room with a floor made of keyboards, each one plugged into a different test box somewhere. Someone is tasked with tossing a box full of cats (all wearing turtlenecks) into this room. If none of the systems catch fire within 30 minutes, testing is complete. Someone else must remove the cats. All have iPods." (http://community.livejournal.com/tec...t/2018070.html)
  Reply With Quote
08-13-10, 09:17 AM   #59
Bluspacecow
Giver of walls of text :)
 
Bluspacecow's Avatar
AddOn Author - Click to view addons
Join Date: Dec 2006
Posts: 770
....Continued on from last post.

The problem with these types of blogs is it encourages the wrong sort of attitude in the end user.

They see this sort of blog and because it sounds very convincing to them they absolve themselves of any responsibility for the security of their login information.

It can't be their fault as there's nefarious employees giving our passwords out zomg zomg ! Never mind about basic computer security common sense. Yes they can have a battle.net email address of [email protected] , a password of password123 and don't have to do a thing to prevent viruii and malware from getting on their computer as zomg it's never their fault !!!! /sarcasm.

I could quote you their privacy policy from http://us.blizzard.com/en-us/company/about/privacy.html. I could point out that employees don't have access to your passwords anyway they are stored as hashs (I have this from a former employee). I can even point out that Apple had to recently admit to a security breach of theirs from a developer on their app store. Apple is way bigger then Blizzard and they still admited to their security fault.

But at the end of the day you either trust a major company with your information. Or you don't. And if you don't then why are you still paying them money supporting their untrustworthiness ?

It's like this:

You go buy an ice cream cone from a guy wheeling an ice cream cart through a park. You hand him money not only to get a cone but also in "good faith" that the cone he hands you is yummy , cold and free of insects,sand,dirt and/or used plasters. Your money is supporting the delicious cones he gives you.

Now someone tells you they got a cone with a bee in it one day. A family member tells you she once got a sticky plaster in hers. A friend tells you his was warm with a little dirt in it. Would you go back to the same ice cream seller ? Now you're not so quick to trust this ice cream seller. If you go back and hand him money for more cones despite yours being fine why are you handing the guy more money if you don't trust him ?
__________________
tuba_man on Apple test labs : "I imagine a brushed-aluminum room with a floor made of keyboards, each one plugged into a different test box somewhere. Someone is tasked with tossing a box full of cats (all wearing turtlenecks) into this room. If none of the systems catch fire within 30 minutes, testing is complete. Someone else must remove the cats. All have iPods." (http://community.livejournal.com/tec...t/2018070.html)

Last edited by Bluspacecow : 08-13-10 at 09:56 AM.
  Reply With Quote
08-13-10, 09:45 AM   #60
Nefrirr
A Cyclonian
 
Nefrirr's Avatar
AddOn Author - Click to view addons
Join Date: Jul 2008
Posts: 44
Originally Posted by Bluspacecow View Post
The problem with these types of blogs is it encourages the wrong sort of attitude in the end user.

They see this sort of blog and because it sounds very convincing to them they absolve themselves in any responsibility for the security of their login information.
Very nice post. I heard similar rumors already half a year ago ingame and also read similar accusations regarding Blizzard's account security in my raidgroup forums after two people got hacked.

People who get hacked are very quick to believe in such rumors, just so they can blame someone else. Voices of reason that argue against wild speculations are often ignored or ridiculed. But honestly, it should be obvious that security vulnerabilities on the user side are responsible for most hacks. Just ask yourself what is more probable:

(1) somehow I got a trojan due to some unpatched program I use or maybe I used my battle.net e-mail and pw in an insecure guild forum etc.
OR
(2) it is a conspiracy of malicious Blizzard employees.

Occam's razor says it's (1). Seriously, such theories are only one step above this lunatic over in the beta key give-away thread that accused the WoWI staff of selling beta keys while trying to (very clumsily) create the illusion of having some kind of credible source of it.
  Reply With Quote

WoWInterface » General Discussion » Chit-Chat » Accounts hacked.. Banned... Cry...

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off