My WoW Account Hacked

[Darrow]

Within one day of installing the newest Carbonite patch, my WoW account was hacked. This may only be a coincidence, but I wanted to alert everyone including the software developers of the problem. I have used Carbonite Addon for over a year with no problems. I am now locked out of my account while WoW tries to restore all my looted gold and items.

[Seerah]

I would just like to point out that it is impossible for an addon to be a keylogger, as it is just a collection of text files. As long as you installed the version on this site, and did not find some .exe version of it, Carbonite did not cause your account to be hacked.

I would also like to point out, that 99% of the time, your account information was collected as much as 4 months prior to it being used for nefarious purposes. Always be wary of where you visit, things you download, public computers (or those of people who aren't so savvy in computer security), etc. And keep up to date on your virus scanner's definitions and computer scans, and update your versions of java, etc. when security holes are patched.

[Darrow]

I installed only the version on this site. I know I have received phishing emails that I do not open. I have forwarded some of these to Blizzard. There has been a definite increase in these mailings in the last two to three months.

I have ordered an authenticator from Blizzard to add an extra layer of security to my game. I certainly do not want to do away with my Carbonite Addon. I did want to make people aware of the increased hacking danger. I appreciate your quick response. You have alleviated any fears I had that the addon might have been "bugged" or "contaminated" in any way.

I do try to be security conscious but somehow I was not successful. I follow the steps that you have outlined.

Thank you again for your response.

[Vis]

I would also add the same thing I say to all my Guildmates.....

Is your WoW account worth spending (US) $6.50 on for account security? If it is, get yourself a Blizzard Authenticator. It's damn near impossible to hack an account after setting one up from everything I've read.

or

If you have an Iphone or similarly supported smart phone, get the Mobile Blizz Authenticator. It's an app that installs to your phone that does the exact same thing as the handheld keyfob one. Best thing about it, it's free if your phone can use it.

[Plannb23]

If you have a Smart Phone or an IPhone then you could also just do it on your phone. Check this website here.

https://us.battle.net/account/suppor...or.xml?rhtml=y

[DonCorneo]

Originally Posted by Vis I would also add the same thing I say to all my Guildmates..... Is your WoW account worth spending (US) $6.50 on for account security? If it is, get yourself a Blizzard Authenticator. It's damn near impossible to hack an account after setting one up from everything I've read. or If you have an Iphone or similarly supported smart phone, get the Mobile Blizz Authenticator. It's an app that installs to your phone that does the exact same thing as the handheld keyfob one. Best thing about it, it's free if your phone can use it.

My account was hacked just hours after making the change (new login in name and password) for Battle.net and it was again hacked after using Battle.net just recently. My system is completely clean of any key logger or other known malware and is checked daily as it contains financial information, plus I ran scans after my account was hacked to make sure with several of the top scanning programs. My suspicion is that Battle.net has a "leak" that is being exploited.

The first hack I found out after my account was banned for gold selling/farming. When I got access back to my account, everything sellable was gone from my toons, my level 80 toon was naked where the hacker was using it for farming and the hacker had made a DK, but apparently didn't have time to use it. The second time I had the Authenticator attached to my account so the hacker could not log on, though tried changing my password (I was alerted to this by an email from Blizz saying my password was changed).

As explained below, addons do not have .exe files, but they also are loaded AFTER you enter your password for WoW, so they can not log it.

Since Battle.net has made it easier for hackers by using our email address instead of a login name, I highly recommend getting an Authenticator. The security it gives you is well worth it, even it is annoying as h311 to have to use it each and every time you log on (you have to log on like normal, then enter the code from the Authenticator), including after an idle/afk disconnect. The fact the code is displayed for such a short time does not help much either. You have to use it to log onto Battle.net also.

Just make sure you keep the authenticator somewhere safe and where you won't lose it.