Thread Tools Display Modes
03-31-10, 03:34 PM   #1
quasipolymath
A Deviate Faerie Dragon
Join Date: Mar 2010
Posts: 12
Near-instant account breach

I installed Minion last night, updated a few addons, logged in and out of WoW and went to bed. This morning, my battle.net creds were cleared, all of my toons had been logged into and my account was on temporary ban. Checking last login times indicates that it was less than three hours after I installed and used Minion. I'm livid. I should note that I would be less willing to point fingers if this hadn't happened on a fresh windows install on which I have only installed Symantec Endpoint, Firefox, WoW, Curse Client, and Minion. Everything else was installed over a week ago. Seriously, what the hell is going on here?
  Reply With Quote
03-31-10, 03:49 PM   #2
mankeluvsit
An Onyxian Warder
 
mankeluvsit's Avatar
Join Date: Sep 2008
Posts: 354
Originally Posted by quasipolymath View Post
I installed Minion last night, updated a few addons, logged in and out of WoW and went to bed. This morning, my battle.net creds were cleared, all of my toons had been logged into and my account was on temporary ban. Checking last login times indicates that it was less than three hours after I installed and used Minion. I'm livid. I should note that I would be less willing to point fingers if this hadn't happened on a fresh windows install on which I have only installed Symantec Endpoint, Firefox, WoW, Curse Client, and Minion. Everything else was installed over a week ago. Seriously, what the hell is going on here?
i dont even think minion asks for your wow credentials (ive never ran it on my pc). but you should contact blizzard about this. not wowui.
  Reply With Quote
03-31-10, 04:00 PM   #3
quasipolymath
A Deviate Faerie Dragon
Join Date: Mar 2010
Posts: 12
Originally Posted by mankeluvsit View Post
i dont even think minion asks for your wow credentials (ive never ran it on my pc). but you should contact blizzard about this. not wowui.
Thanks for the helpful reply, random person with no experience using minion. I have already run through the paces with Blizzard regarding my account. I came here, to the minion subforum, because the last thing I did before my account got hacked was to install minion. Apparently this was the wrong thing to do somehow?
  Reply With Quote
03-31-10, 04:08 PM   #4
mankeluvsit
An Onyxian Warder
 
mankeluvsit's Avatar
Join Date: Sep 2008
Posts: 354
Originally Posted by quasipolymath View Post
Thanks for the helpful reply, random person with no experience using minion. I have already run through the paces with Blizzard regarding my account. I came here, to the minion subforum, because the last thing I did before my account got hacked was to install minion. Apparently this was the wrong thing to do somehow?
you are quite welcome sir /sarcasm. as everyone else has stated there would be no way that minion did this, you were hacked/keylogged (just a guess) weeks ago, they decided to take ur account. contact blizzard. UNLESS you downloaded minion from somewhere else. the possibilties are endless how your account got hacked.

dont download third party programs. unless you know fer sure where its coming from.

http://forums.worldofwarcraft.com/th...32280066&sid=1
http://forums.wow-europe.com/thread....02690401&sid=1
  Reply With Quote
03-31-10, 04:20 PM   #5
ravagernl
Proceritate Corporis
Premium Member
AddOn Author - Click to view addons
Join Date: Feb 2006
Posts: 1,176
If you need to prove that Minion got your account credentials sent to someone else, you can go and open up the .jar files in a zip file manager(they are actually zip files renamed to .jar), and read through the code.

There is no way Minion gained your account credentials. Ask any java programmer, they will tell you the same.

Unless you downloaded Minion from a different site other then minion.mmoui.com, that is.

Last edited by ravagernl : 03-31-10 at 04:25 PM.
  Reply With Quote
03-31-10, 04:28 PM   #6
Dolby
PPAP
 
Dolby's Avatar
WoWInterface Admin
Join Date: Feb 2004
Posts: 2,339
Make sure to update your flash and adobe acrobat reader. Right now most keyloggers are taking advantage of people who have the older versions with the exploits to get their keylogger to you. Some hacked sites will start a pdf download that is infected, others display infected flash ads or site elements. So I would go to adobe.com and update flash and reader asap.

Also Minion will never have you enter your wow account login info. Heck it doesnt even run when WoW is running.

Like others said its java and you can look at the source code your self.

Make sure your virus/malware scanner is up to date and do a full scan. If it finds anything post all the information here so we can help you figure out where it came from.

Update: The latest scam going around is this: http://www.wow.com/2010/03/31/new-sc...gets-launcher/

Last edited by Dolby : 03-31-10 at 04:35 PM.
  Reply With Quote
03-31-10, 04:28 PM   #7
notthepop
A Kobold Labourer
Join Date: Apr 2009
Posts: 1
If you had a fresh install of Operating System ,WOW and other addons...Then I would look deeper into your old comp for the hacking code,Virus or keylogger...
  Reply With Quote
03-31-10, 04:55 PM   #8
quasipolymath
A Deviate Faerie Dragon
Join Date: Mar 2010
Posts: 12
Originally Posted by mrruben5 View Post
There is no way Minion gained your account credentials. Ask any java programmer, they will tell you the same.
As a java programmer (and CS PhD) myself, I can say that you can't possibly stand by this statement.
  Reply With Quote
03-31-10, 03:50 PM   #9
Petrah
A Pyroguard Emberseer
 
Petrah's Avatar
AddOn Author - Click to view addons
Join Date: Jan 2008
Posts: 2,988
You most certainly did not get infected by using Minion. That's a guarantee.

I find it hard to believe that wow hackers will change overnight.. they have never hacked a wow account via a freshly infected machine. Keyloggers have always sat on an infected machine for several months before an account gets hacked into.
__________________
♪~ ( ) I My Sonos!
AddOn Authors: If your addon spams the chat box with "Addon v8.3.4.5.3 now loaded!", please add an option to disable it!
  Reply With Quote
03-31-10, 03:59 PM   #10
Gsusnme
A Wyrmkin Dreamwalker
AddOn Author - Click to view addons
Join Date: Jun 2008
Posts: 55
I would agree with Petrah, generally if your account info is stolen, you don't know about it until some time later.
Either this is a case of coincidental bad timing (e.g. your info was stolen 6+ months ago and thye only JUST used the info and now to you it looks like something other than it is.); or this was some kind of very personal attack in which case you may want to look more closely at someone who may have had access to your pc, your wifi, or check for any physical key-loggers plugged into your machine.

And of course, contact Blizzard support A.S.A.P. and let them know what happened, and make sure you have changed your password.
  Reply With Quote
03-31-10, 04:08 PM   #11
quasipolymath
A Deviate Faerie Dragon
Join Date: Mar 2010
Posts: 12
Originally Posted by Gsusnme View Post
I would agree with Petrah, generally if your account info is stolen, you don't know about it until some time later.
Either this is a case of coincidental bad timing (e.g. your info was stolen 6+ months ago and thye only JUST used the info and now to you it looks like something other than it is.); or this was some kind of very personal attack in which case you may want to look more closely at someone who may have had access to your pc, your wifi, or check for any physical key-loggers plugged into your machine.

And of course, contact Blizzard support A.S.A.P. and let them know what happened, and make sure you have changed your password.
Done, done, and done. To respond: NOBODY could have had access to any of my hardware physically at 4:30 in the morning with me asleep in the next room of my own house, except my dog. I run pretty strict and redundant encryption/security on all of my pcs and my wifi. Running deep virus scanning multiple times this afternoon turned up nothing. This isn't surprising, since (as I said) I'm running on a fresh Vista install and (as I didn't say) I don't use that particular PC for anything but WoW, not even browsing the web. I have since changed my password and added an authenticator to the account.

HOWEVER. The last thing I did before all of this happened was install minion. 3 hours later, boom, account hack.
  Reply With Quote
04-01-10, 06:25 PM   #12
SkunkWerks
A Fallenroot Satyr
 
SkunkWerks's Avatar
AddOn Author - Click to view addons
Join Date: Apr 2006
Posts: 21
Originally Posted by Petrah View Post
You most certainly did not get infected by using Minion. That's a guarantee.
IncGamers swore the same thing up and down about their update client when a series of security breaches began happening to people who were using it.

The row went on for a good week or two- people insisting the client was infected, and the webmaster denying that such a thing was even possible- before someone finally verified that it was in fact, copies of the update client that were being infected at the server level that were at the root of the problem.

I'm not saying it is the case here, but there's no certainty, and no guarantee strong enough to make me want to use an update client. It's a risk, a significant risk. And no matter how upstanding your intentions, or how valiant your efforts are to minimize it, it will always be a risk.

Methinks you may be living in a fantasy land where computer security isn't always a constant game of one-upsmanship between the hackers and the software authors.
  Reply With Quote
04-02-10, 06:24 AM   #13
forty2j
A Cobalt Mageweaver
Join Date: May 2007
Posts: 232
While that is all true, Skunk, I would suspect Petrah's claim was based at least partially on the dearth of other reports. One data point does not make a trend.


These boards see a whole lot of "I just installed your addon and now I'm hacked". This was just another example of it, and probably the first "I just installed Minion and now I'm hacked". If there were weeks of additional data points supporting either claim, I'm sure the responsible author would pull the code down and take a closer look.
  Reply With Quote

WoWInterface » Site Forums » Minion » Archive » Near-instant account breach

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off