Thread Tools Display Modes
06-08-09, 07:33 PM   #1
paint4blood
A Murloc Raider
Join Date: Jun 2009
Posts: 5
Unhappy Guess what... my account was hacked.

Yes it is true, my account was hacked. I know how too. I installed an add-on via wowmatrix and I guess it had a key logger on it. The add-on's name is Skada. Do not use this add-on or some guy named Harry will get your account information. He stole my account by; First creating a battle.net account, changing my password, then finnaly merging my wow account with his battle.net account. I have already contacted blizz on the subject but they have not emailed me back yet as of June 9 2009. I don't really see the point in hacking a game other than to piss someone off. I do have a couple of high lvl characters, but none of them are at max lvl. I searched the WoW armory and I saw that my chars. still have their items but we shall see if that remains the issue. What suks the most is that I will not be playing for the next couple of months and I can't even log in to cancel my subscription. So unless this problem is resolved by June 12th. 2009 this guy will be playing my chars for free for about 2 months. Anyone know ways to hack my account back? Well I'll look on the bright side and maybe when I get back from deployment and then I resolve the issue I'll have some 80's and better gear when I get it back, ha ha. Thanks.
  Reply With Quote
06-08-09, 07:37 PM   #2
paint4blood
A Murloc Raider
Join Date: Jun 2009
Posts: 5
Also, of course, I deleted Skada. I will also ask my guild mates to keep an eye on my chars. I have a friend in real life who is also in my guild in the game. I'm coming for you Harry.
  Reply With Quote
06-08-09, 07:49 PM   #3
Cairenn
Credendo Vides
 
Cairenn's Avatar
Premium Member
WoWInterface Admin
Join Date: Mar 2004
Posts: 7,134
paint4blood, it may not have been wowmatrix or skada. Don't point fingers unless you have incontrovertible proof to back it up, please. Not fair to ruin someone's reputation when you don't know for sure.

If you were keylogged, it could have been as long as six months ago. They almost never hit an account as soon as they get the info. It usually takes at least a couple weeks. It could very well have just been a brute force/dictionary hack, too, no keylogging involved at all.

You need to contact Blizzard's Account Support department to get the ball rolling on getting your account back. Then you need to run virus and malware checks on your system, to make sure it's clean.
__________________
“Do what you feel in your heart to be right — for you’ll be criticized anyway.” ~ Eleanor Roosevelt
~~~~~~~~~~~~~~~~~~~
Co-Founder & Admin: MMOUI
FaceBook Profile, Page, Group
Avatar Image by RaffaeleMarinetti

Last edited by Cairenn : 06-08-09 at 07:54 PM.
  Reply With Quote
06-08-09, 07:52 PM   #4
paint4blood
A Murloc Raider
Join Date: Jun 2009
Posts: 5
Would you mind explaning the dictionary hack?
  Reply With Quote
06-08-09, 07:55 PM   #5
paint4blood
A Murloc Raider
Join Date: Jun 2009
Posts: 5
Nvm I googled the hack and I know what it is. My cousin has this hack, called rainbow, but he uses it for legitamit reasons, he even got a medal when the program did all the work.
  Reply With Quote
06-08-09, 09:13 PM   #6
shyce
A Fallenroot Satyr
AddOn Author - Click to view addons
Join Date: Apr 2009
Posts: 24
Originally Posted by paint4blood View Post
Nvm I googled the hack and I know what it is. My cousin has this hack, called rainbow, but he uses it for legitamit reasons, he even got a medal when the program did all the work.
Rainbow tables and dictionary attacks are completely different.

Rainbow tables decipher a hash, whereas a brute force dictionary attack uses plain text in an exhaustive array.

I completely agree with Cairenn, don't spread slander against a talented addon developer if you don't have hard evidence.

Last edited by shyce : 06-08-09 at 09:16 PM.
  Reply With Quote
06-08-09, 10:18 PM   #7
paint4blood
A Murloc Raider
Join Date: Jun 2009
Posts: 5
Originally Posted by shyce View Post
Rainbow tables and dictionary attacks are completely different.

Rainbow tables decipher a hash, whereas a brute force dictionary attack uses plain text in an exhaustive array.

I completely agree with Cairenn, don't spread slander against a talented addon developer if you don't have hard evidence.
Well what would you think if your account got hacked right after you downloaded an add-on. Not everyone fully understands how hacking works, I sure as hell don't.
  Reply With Quote
06-08-09, 10:57 PM   #8
Auren
An Aku'mai Servant
 
Auren's Avatar
Join Date: Sep 2006
Posts: 37
Originally Posted by paint4blood View Post
Well what would you think if your account got hacked right after you downloaded an add-on. Not everyone fully understands how hacking works, I sure as hell don't.

Only an idiot would hack ur account as soon as you run a keylogger.
They usually wait a few hours or days at least, so you are unsure when/where it happens etc.

Spreading false rumours without ANY evidence is just epix fail.
Get evidence then try to ruin his name.
__________________
Rogue [Combat] - 80
Paladin [Protection] - 80
Death Knight [Blood] - 77
Shaman [Elemental] - 77
Mage [Frost] - 76
Priest [Shadow] - 75
Hunter [Beast] - 72
  Reply With Quote
06-08-09, 11:15 PM   #9
Everglow
An Aku'mai Servant
 
Everglow's Avatar
AddOn Author - Click to view addons
Join Date: Apr 2008
Posts: 36
Both Shyce and Cairenn are completely correct. Another thing you should consider before blaming an addon is that no addon developer in his right mind would include a keylogger or password hacker in his addon. Do you know how quickly and easily that would be discovered in the WoW community? All addon source code is easily and often read by thousands of lua programmers all the time.

Originally Posted by shyce View Post
Rainbow tables and dictionary attacks are completely different.

Rainbow tables decipher a hash, whereas a brute force dictionary attack uses plain text in an exhaustive array.

I completely agree with Cairenn, don't spread slander against a talented addon developer if you don't have hard evidence.
__________________
Everglow - Sisters of Elune/US
  Reply With Quote
06-08-09, 11:20 PM   #10
Cairenn
Credendo Vides
 
Cairenn's Avatar
Premium Member
WoWInterface Admin
Join Date: Mar 2004
Posts: 7,134
Easy guys, he wasn't deliberately trying to ruin their name, he was just trying to warn people about something he experienced (but was attributing incorrectly). There wasn't any malicious intent that I read in his post, just ignorance (in the actual meaning of the word, not the slang usage).
__________________
“Do what you feel in your heart to be right — for you’ll be criticized anyway.” ~ Eleanor Roosevelt
~~~~~~~~~~~~~~~~~~~
Co-Founder & Admin: MMOUI
FaceBook Profile, Page, Group
Avatar Image by RaffaeleMarinetti
  Reply With Quote
06-08-09, 11:26 PM   #11
Everglow
An Aku'mai Servant
 
Everglow's Avatar
AddOn Author - Click to view addons
Join Date: Apr 2008
Posts: 36
I realize you were upset... a friend of mine got hacked last week and I think it was through an email phishing scam. It's a pretty painful experience. But not understanding how these things happen is exactly why you shouldn't make accusations like that. If you don't understand it, then ask... don't accuse. Reread what you said about Skada, which is an excellent damage meter by the way, written by a good programmer in very clear, understandable and efficient code. I can guarantee you Skada isn't your problem.

Originally Posted by paint4blood View Post
Well what would you think if your account got hacked right after you downloaded an add-on. Not everyone fully understands how hacking works, I sure as hell don't.
__________________
Everglow - Sisters of Elune/US

Last edited by Everglow : 06-08-09 at 11:30 PM.
  Reply With Quote
06-08-09, 11:37 PM   #12
Everglow
An Aku'mai Servant
 
Everglow's Avatar
AddOn Author - Click to view addons
Join Date: Apr 2008
Posts: 36
Wink what to do

call Blizz account services at 1-800-592-5499 they will lock out your account, reset your password and restore anything that might have been stolen from your chars, usually within a week or two. Your job is to secure your computer with anti-spyware and not tell anyone your password.

Originally Posted by paint4blood View Post
... What suks the most is that I will not be playing for the next couple of months and I can't even log in to cancel my subscription. So unless this problem is resolved by June 12th. 2009 this guy will be playing my chars for free for about 2 months. Anyone know ways to hack my account back?
__________________
Everglow - Sisters of Elune/US
  Reply With Quote
06-09-09, 12:16 AM   #13
PigtailsofDoom
A Cyclonian
 
PigtailsofDoom's Avatar
Join Date: Apr 2009
Posts: 40
On a side note, after you get your account restored I'd highly recommend either buying an authenticator, or if you have an iTouch or iPhone, downloading the authenticator app. It's nearly fool proof for protecting your account from hackers, although it is a tad bit annoying to deal with. Personally, I love the added account protection.
__________________
Willowberi, lvl 85 Druid on Proudmoore
Thelesis, lvl 83 Mage on Proudmoore
  Reply With Quote
06-09-09, 01:50 AM   #14
Johnnaris
A Kobold Labourer
Join Date: Jun 2009
Posts: 1
Thanks for sharing. It's great.

simulation credit
  Reply With Quote
06-09-09, 01:54 AM   #15
Petrah
A Pyroguard Emberseer
 
Petrah's Avatar
AddOn Author - Click to view addons
Join Date: Jan 2008
Posts: 2,988
Originally Posted by Cairenn View Post

If you were keylogged, it could have been as long as six months ago.
QFT


[Important] Key-Loggers and Computer Security:
http://forums.worldofwarcraft.com/th...78038509&sid=1

Account Compromise Info Center:
http://forums.worldofwarcraft.com/th...73308319&sid=1

Account Retrieval Tips and Suggestions:
http://forums.worldofwarcraft.com/th...62836524&sid=1
__________________
♪~ ( ) I My Sonos!
AddOn Authors: If your addon spams the chat box with "Addon v8.3.4.5.3 now loaded!", please add an option to disable it!
  Reply With Quote
06-09-09, 07:01 AM   #16
Kupotek
An Aku'mai Servant
 
Kupotek's Avatar
AddOn Author - Click to view addons
Join Date: Jan 2006
Posts: 38
Bliizard Authenticator

It's free if you have an Iphone or Ipod, and only $6 with for the physical keychain version with shipping. Peace of mind for only six bucks? Count
me in.
__________________
Panther UI | My Home on the Web
  Reply With Quote
06-09-09, 07:03 AM   #17
us2006027321
A Frostmaul Preserver
 
us2006027321's Avatar
Join Date: Apr 2009
Posts: 277
Originally Posted by paint4blood View Post
Yes it is true, my account was hacked. I know how too...
I'm very sorry to hear that your account was hacked. That's never fun, and as you had high level toons (level cap or not), I can empathize with how that my feel like a lot of lost time and work.

As much as I would love to pick up the anti-WM banner with you and march on a crusade, I feel I should inform you that during my entire time using WM, I never picked up keyloggers. I am not the only WM user who has enjoyed being hack-free during my time. I know that personal experience doesn't exactly count as incontrovertable proof in WM's favor, it should at least be a reason to count WM out of the list of variables that led to this unfortunate event.

The other thing I wanted to mention (more in the nature of waving my anti-WM banner) is that knowing their "hosting" practices as I have come to understand them, I highly doubt that an add-on that "originated" from WM would have a virus. In Skada's case, it's one of the many add-ons WM nabbed from another site. I can't tell if it was nabbed from Curse or WoWI, but Skada is hosted on WoWI, and WoWI wouldn't keep an add-on if it was dirty. That should help you pull Skada out of the list of variables.

Again, I'm very sorry to you for the situation. I wish you all the best in getting it back. Oh, and... welcome to WoWI!

/hug
/soothe
/luck
__________________

  Reply With Quote
06-09-09, 07:12 AM   #18
Zyonin
Coffee powered Kaldorei
 
Zyonin's Avatar
AddOn Author - Click to view addons
Join Date: May 2006
Posts: 1,443
Originally Posted by us2006027321 View Post
The other thing I wanted to mention (more in the nature of waving my anti-WM banner) is that knowing their "hosting" practices as I have come to understand them, I highly doubt that an add-on that "originated" from WM would have a virus. In Skada's case, it's one of the many add-ons WM nabbed from another site. I can't tell if it was nabbed from Curse or WoWI, but Skada is hosted on WoWI, and WoWI wouldn't keep an add-on if it was dirty. That should help you pull Skada out of the list of variables.

Again, I'm very sorry to you for the situation. I wish you all the best in getting it back. Oh, and... welcome to WoWI!

/hug
/soothe
/luck
Likewise, neither would Curse nor WoWUI.Incgamers (I wish they would get a more distinct name for that site as WoWUI is too close to WoWI). The "Big Three" do not tolerate "funny files" in the AddOns they offer for download.
__________________
Twitter
  Reply With Quote
06-09-09, 09:38 AM   #19
katrinav
A Kobold Labourer
Join Date: Jun 2009
Posts: 1

this is a very interesting post. thanks for sharing
  Reply With Quote
06-09-09, 11:19 AM   #20
Bluspacecow
Giver of walls of text :)
 
Bluspacecow's Avatar
AddOn Author - Click to view addons
Join Date: Dec 2006
Posts: 770
I apologise if this has been addressed in the thread before but....

Your average run of the mill addon can not log your keys or steal your login and password.

An addon consists of a few text files , some images and some sounds maybe.

They operate in a sandboxed enviroment so hence have no access to the outside world , can't email anything , can't send anything any where and don't even have access to your hard drive. They can read in from the saved variables and write out to the saved variables at logout/game exit but even that's limited (afaik they can't even name the file).

Also they load after you've already logged in. So even if they could send it somewhere they wouldn't have the information to send as that authentication information's gone by the time they get loaded.

Finally there's never been any concrete proof that wowmatrix has any keyloggers in it. When I say proof I mean a packet sniffer / network report showing authentication data being passed to a non blizzard domain.
__________________
tuba_man on Apple test labs : "I imagine a brushed-aluminum room with a floor made of keyboards, each one plugged into a different test box somewhere. Someone is tasked with tossing a box full of cats (all wearing turtlenecks) into this room. If none of the systems catch fire within 30 minutes, testing is complete. Someone else must remove the cats. All have iPods." (http://community.livejournal.com/tec...t/2018070.html)
  Reply With Quote

WoWInterface » General Discussion » Chit-Chat » Guess what... my account was hacked.

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off