Accounts hacked.. Banned... Cry...

[Flarin]

I never thought it would happen to me. Never. I am an IT professional. I don't visit disreputable websites. I don't download torrents. I don't use hacked or cracked software or run key generators.

6 years of toons on 2 accounts gone overnight.

What worries me the absolute MOST is I don't know how it happened, so I don't know how to prevent it from happening again. My password was an odd string of characters.

I know we have all heard stories like this before, and probably most people sneered thinking - "you did something wrong". Well, if I did, I certainly don't know what it is.

This is very upsetting. It is like a "violation" of my personal space really. Sure it sucks that even if I get "some" of my characters back I probably won't get everything. Sure I lost close to 100,000 gold, which may not be much now, but it was earned pre-Lich King for the most part which makes it a little harder.

Thanks for reading my rant. I can't bring myself to play the 1 of my 2 accounts that is still not "banned" for gold selling - just looking at all those level 1 bots on all those realms makes me sick. Names like "wjkeeksdsdfd" and such - ugh it hurts.

[Taryble]

Oh, ouch man! That sucks. I thought the same thing before I got hacked - programmer, general geek, been using a computer since '85, yadda yadda. Arrogant about it, no virus scanner, no adbot scan, etc. Logged on one day to find an authenticator attached to my account, and all the gear from my 3 80s, my 70, and my personal guild bank gone. Changed my password immediately, downloaded a virus scanner and adbot-search-and-destroy, then called Blizzard.

Thankfully, I hadn't been used for gold-selling. Maybe they'll reinstate if you call and talk to them?

[Flarin]

Thanks man - we will see. One of the accounts was banned for having a "possible keylogger". One was banned for gold selling - this was a defunct account I was not paying for that was at the BC level - they upgraded it to Lich King trial and starting gold spamming.

I do have one account that seems stable - of course all the characters, loot, etc are gone.

I just did a Spybot Search and Destroy - nothing found at all.

I hope they can get my stuff back. So many toons. Maxed fishing. Maxed cooking, engineering, enchanting - omg who wants to do THAT again lol.

AAAARGH!

Which makes me wonder - WHY did I link them to ONE battlenet account? At worst ONE account would have been compromised - now I have all three. Battlenet - not sure I am liking this now.

I ordered an authenticator - maybe that will help - if I can stomach coming back to the game.

[Gristadar]

just a fyi, if you used the remote ah, people are getting hacked even with authenticators if they used the remote ah and then there phone was hacked, happened to some1 I know. blizz the last I heard has suspended the remote ah

[Flarin]

Originally Posted by Gristadar just a fyi, if you used the remote ah, people are getting hacked even with authenticators if they used the remote ah and then there phone was hacked, happened to some1 I know. blizz the last I heard has suspended the remote ah

Thanks for the info - no I have not loaded that. I tried calling - they have so many complaints at the moment their queue is CLOSED.

So - I email them. I logged into the one working account I have, created a new character, and submitted a ticket. I changed the email address account. I changed the password. I have run 5 different spyware / trojan hunter programs and nothing has come up.

I guess I wait. If I have to start over - I am willing to take suggestions as to what US PvP server I should start over on. UGH UGH UGH I am not looking forward to starting from zero. I have not had to worry about startup gold for an alt for 6 years lol - I don't know what it is like to not have money for bags and spells lol. I guess it will be a good experience ?? Who knows. I love the game and enjoy it. I guess I will start a hunter again - those seem to level the fastest. Or a DK I guess since they start at 55.

Can you hear the "whine" and "whimper" in my typing? Waaagh! Lol...

[viking355]

Just take it back, REset comp, And hope for it to never happen again, no neec crying about it.

[PurpleWedgie]

Originally Posted by Flarin Thanks for the info - no I have not loaded that. I tried calling - they have so many complaints at the moment their queue is CLOSED. So - I email them. I logged into the one working account I have, created a new character, and submitted a ticket. I changed the email address account. I changed the password. I have run 5 different spyware / trojan hunter programs and nothing has come up. I guess I wait. If I have to start over - I am willing to take suggestions as to what US PvP server I should start over on. UGH UGH UGH I am not looking forward to starting from zero. I have not had to worry about startup gold for an alt for 6 years lol - I don't know what it is like to not have money for bags and spells lol. I guess it will be a good experience ?? Who knows. I love the game and enjoy it. I guess I will start a hunter again - those seem to level the fastest. Or a DK I guess since they start at 55. Can you hear the "whine" and "whimper" in my typing? Waaagh! Lol...

My daughter was hacked a few weeks ago (on a MAC even) but got everything back eventually. Bliz will take care of you, but it might take a week or so.

[Bluspacecow]

Originally Posted by Gristadar just a fyi, if you used the remote ah, people are getting hacked even with authenticators if they used the remote ah and then there phone was hacked, happened to some1 I know. blizz the last I heard has suspended the remote ah

Citation please.

I know the remote AH service did go down at the last few days or so. There's also a sticky in the CS forums about paid services being down as something appears to be wrong with their payment system somewhere.

Bit off topic here sorry

[Krahg]

Originally Posted by Gristadar just a fyi, if you used the remote ah, people are getting hacked even with authenticators if they used the remote ah and then there phone was hacked, happened to some1 I know. blizz the last I heard has suspended the remote ah

I searched goolge and the official forums and I don't see anything about this. Also I participate in a gold farming forum and nothing is mentioned there either. I feel almost certain the goblins I play with would have heard of this if it were true.

Can you provide any details from a reasonable source? Worldofwarcft.com, Wowhead, Blizzard or anywhere at all? I would like more info on this.

[Bluspacecow]

Going to be multi-quoting a lot of these posts as I can see there's a few things I can add/ misconceptions I can clear up from my time on the Official CS Forums. Spending time on the official forums am I insane ?? Yes I think so sometimes

Warning this post is going to be extremely verbose as 1) I have a lot ot say and 2) I'm a verbose type of guy who enjoys explaining things as clearly as I can and 3) Please see my tag under my name over on the left there "Verbose energizer bunny" (at least until Caireen changes it)

Originally Posted by Flarin I just did a Spybot Search and Destroy - nothing found at all.

There are certain programs that are more effective then others for getting rid of keyloggers/malware.

Unfortunately some are about as effective slapping your computer with a wet napkin. The best advice here is to use several of them. I've never been comprimised so my best advice is to visit the CS forums for suggestions on exactly what to use.

My suggestions would be Avast & Malwarebytes as well as a scan with Combofix. Again ask around on the CS forums for the ones best to use.

Originally Posted by Flarin Which makes me wonder - WHY did I link them to ONE battlenet account? At worst ONE account would have been compromised - now I have all three. Battlenet - not sure I am liking this now.

Concerns about consolidation aside the real advantage of battle.net is you are now able to easily change your login name. All you need to do is change the email address and the email you use to log into wow changes. Takes seconds.

You were not able to do this with the old security system.

Originally Posted by Flarin THAT - is definitely a possibility for sure. Can't hurt to change email addresses - they kept resetting my password every 10 minutes or so until I finally changed it. Drastic sure, but since I changed my email address it has stopped.

This is concerning. Are you saying your email account was hacked as well or are you saying it's stopped because you changed your battle.net email address.

Because if your main email account has been hacked you might want to look into that as well.There would be more important stuff linked to that then wow EG ebay stuff as well as your online banking details.

Originally Posted by mrruben5 1. Change password to a different, non-repeating(use the password once, and never use it again after) password every week. 2. Change email address every half year.

It takes a few minutes to change your battle.net email address. Thereby invalidating one piece of information the hackers use to get into your account.

It used to be if they had your account name they had it forever and could keep hacking you that way. Change the b.net email address as well and they don't have the login nor the password to get in.

With most good email providers you can also set it up to also check emails on other email accounts. That way you can link in the old battle.net emails into your main email and not have to waste time checking dozens of other email addresses for emails.

Originally Posted by MoonWitch Honestly, I strongly feel that at this point - quite a few of the hacks now are a marketing fear method to sell a tun more of those authenticators :P (Note: my account has been nicely safe for several months.)

Moonwitch I don't think that Blizzard makes a profit on the authenticators. Let me explain my logic.

First off Blizzard do not make the authenticators. They buy them off Vasco. Bear this in mind when talking about making a profit of authenticators - you would need to factor in the cost for Blizzard to buy them and if they get them delivered to them or they get a third party to get them shipped to the customer.

Secondly been forum posters on the CS forums whose day job is company security. Who have on behalf of professional and corporate clients have
ordered authenticators at a similar quantity that Blizzard would possibly buy them at. The cheapest I've seen is about $8.50 for approx. 10,000 of them. I do not believe Blizzard buy more then that at once as if they don't sell they effectively have "dead stock" (ie stock in their storage space they can't sell yet but take up storage space anyway)

Finally how much does it cost Blizzard to restore an account ? Ticket queues are currently 10 days. There's a lot of logs Blizzard has to go through and there is usually at least two staff members involved - the one who gets the original tickets as well as the special person (*) who has to do the restoring.

If it costs more to restore the account then whatever money they would lose by taking a cut in profits from authenticator sales what direction would you take ?

Personally I would take the maybe $5 or $6 cut in profits per authenticator then have to deal with the possibly greater cost to the business of having company resources tied up restoring the account.

EDIT (*) Want to use this word here : http://en.wikipedia.org/wiki/Spe******t But the silly word filter keeps censoring it !!!!

[zoktar]

recently, like 3-4 weeks ago. there was a nasty java based exploit that allowed arbitrary files to execute.
ei, you could insert a keylogger via it, most people have java installed for web browsing. or it could of been any other microsoft applications that are riddled with arbtirary file execute vulnrability, including internet explorer, windows media player, msn, outlook, and service features such as remote desktop, and some other crap services that most ppl dont even use but are enabled by default to run in windows installations, i have no clue why really. im not 100% bout how the java exploit worked but im guessing since it starts up as soon as u visit a page with java it stays on even after you close your webbrowser, i think it was possible to connect to it at that point and run stuff remoteley "execute arbitrary files" but im not sure. so basicly all they need to know is your ip address and that your java has "loaded" to implement the exploit. same type of exploit existed/exists for windows media player. if i where u id look for a guide to disabled all unneeded services, if ur using java on webpages, kill it when ur done, (tho it has been fixed with update now, but it doesnt nessesarly update automaticly, i atleast had to update it manually). i dont reccomend using windows media player, outlook or internet explorer, id reccomend using windows media player classic, has no server based functions far as i know. or the video lan player, wich plays everything out of the box really. basicly beware of any applications/services that have server type functions. for these type of exploits atleast.

there are sites that keep an update on "all" new incomming exploits, could be worth finding a good one (dont have one atm), and keep an eye out for exploits wich allow arbitrary code to be executed.

owh i forgot, flash also had this type of exploit recentlyish, so update that aswell.
also i remember some java related crap was loaded even without it being "loaded".
hope that helps.
sry for the wall of text

[Ither]

I think it's funny. I have several masters degrees and a doctorate in Tech; I've never been hacked. Hell I don't even run anti-virus.

You guys have bad juju or something. Stay away from me!

[AxnJackson11]

I was just hacked last week and I sent blizzard an email and i got the automated response saying wait for a representative to contact me again. I've also tried calling but it says their queue is full. What can I do?

[Ither]

Originally Posted by AxnJackson11 I was just hacked last week and I sent blizzard an email and i got the automated response saying wait for a representative to contact me again. I've also tried calling but it says their queue is full. What can I do?

WTF... I haven't got hacked yet and I have an authenticator.. What are you guys doing to get hacked so much?!

[Cairenn]

As has been pointed out, there are numerous ways of having your account compromised and the hackers are working at it hard core. I'm glad for you that you have never been hacked, but please be a little more understanding and a little less condescending/incredulous/insensitive of those that haven't been as fortunate.

[anahok]

Very one is going on about how bad Battle.net is or how they dunno how people hacked...

There's several things: if they know your Battle.net email, it's possible they hacked your email. Many people use email that isn't on their own server... If the server gets knocked into and some one comes across that information, etc., they could also, possibly, use that. Maybe there's an email somewhere some one forgot about -- I dunno... I know that, recently, a lot of people's Hotmails have been hacked and their accounts slaughtered.

In all cases I know of, I've heard the people fight for it, give over LOGS, have testimonials out, etc... They're usually more lenient after you buy an authenticator then pursue the fixing of your account, but that might just be because the people I know that got hacked were very persistent. haha

I really hope OP has the same luck everyone I know has had... Some one was labeled as a gold seller on their account recently for making 400k off of just AH transactions... It's a very hard thing to get your gold back. Just gotta be firm about it. <3

[MoonWitch]

If it makes you feel better:
IT Security professional here.

Got hacked, not a single evil trace on my machine, no shared data etc etc
Got everything back..
3 weeks later, same thing.

Blizzard told me to reformat my machine before unlocking my account. Told em I did, which I didn't. Got an authenticator and now - it's all ok.

Honestly, I strongly feel that at this point - quite a few of the hacks now are a marketing fear method to sell a tun more of those authenticators :P (Note: my account has been nicely safe for several months.)

[Flarin]

I really appreciate the kind words and - more than you all know - the honest stories of other people that have had this happen to. Of course I feel terrible that you were violated, but it does soften the blow a bit - I am not the only one.

Called my brother today - sure enough - he was hacked as well a couple weeks ago - he is in the process of getting everything back now. He had much more lost - T10.5 on 4 characters and 10s of 1000s of gold.

I waited on the phone for about 25 minutes before getting someone live. They said since I had put a petition in-game that the issue was escalated which is all he had the power to do. He was very polite and said he had helped 100s of people with the same problem in the last several DAYS.

I am now at the mercy of Blizzard - waiting for an email.

My brother's experience was 1st the accounts and characters came back. Then he had to petition for his gear which he is waiting for on 1 account, his other account everything came back in mail.

So I wait. I still have 1 account I can play on. Started a character and will just wait.

Authenticator will arrive next week - that seems to be the key to protection - if you do not have one - GET ONE. You cannot hide from the scammers forever.

[MoonWitch]

Flarin,

Don't despair. The 1st hack was in the weekend, on a saturday, I had all my stuff back about 5 hrs after I created a ticket

2nd time was a little slower, but I got a lapdance from the GM, so it was worth it. :P And the hacker got bumped offline mid herb farming. I had all the herbs left :P (Made about 1kg of the herbs the hacker farmed but hadn't been able to send off.)

[Bluspacecow]

Originally Posted by Flarin I waited on the phone for about 25 minutes before getting someone live. They said since I had put a petition in-game that the issue was escalated which is all he had the power to do. He was very polite and said he had helped 100s of people with the same problem in the last several DAYS.

Restoration times are running at about 10 days at the moment as I understand it.

They have logs of everything you do in game. You kill a squirrel on the way to westfall and not only do they have what time of day and what day it happened but also your exact coordinates to 3 decimal places,what weapon you used,what sex the squirrel the was,how much HP it had,what attack you used to kill it,how much damage was done on it,what direction you were facing as well as what color underpants you were wearing at the time.

These logs take a long time to go through and Blizzard like to be exactly correct about what they restore. Patience is required in this.

What you can do if you nearing the end of that 9-10 days is to make a polite thread on the CS forums and ask politely for an update. If you're very lucky one of the forum CS reps there can check into your account for you and give you an update but it depends on the rep policing the forums at the time. Bear in mind this is not a way to fast track the queue as the reps in that forum can only deal with in game issues. But the saying is true - you catch more flles with honey and I'm sure if your post is poiite enough you will get the help you are after

Lastly once you have this all done make sure you run regular scans with the 3 products I've listed above (IE Avast, Malwarebytes. Combo Fix) . Also keep them updated as new exploits come out fairly regularly. With Combofix bear in mind there are specific instructions for using it and if you don't follow them correctly you can break things on your computer. Be very careful using it.

After all the price for freedom is constant vigilance.

Yes there is an exploit for the authenticator - I understand MalwareBytes has a fix for it already. In any which case search for an "emcore.dll" file on your computer to confirm if you have it or not. Ask around on the CS forums or on worldofraids.com for particulars on how it works. It's pretty rare and specialized but still possible. This doesn't make authenticators useless however.

Here's a few useful links for you :

http://forums.worldofwarcraft.com/th...18909866&sid=1
http://forums.worldofwarcraft.com/th...02231244&sid=1