Account hacked

Tenjikuronin · 01-24-07, 02:22 PM

Hi, just wanted to drop an FYI that a friends account was compromised. All gold and items gone. Only add -ons he used were from this site. I directed him here.

No finger pointing or blame being issued. Just wanted to let you guys know.

I have several i use from here and have not had an issue.

Just a qawinkydink is all

Hope all is well.

Sepioth · 01-24-07, 02:51 PM

Well I can tell you he did not get it from here. I have been coming here since the site pretty much opened as my main source for UI add-ons. Curse I stay far away from and I will travel to the Unofficial WoW UI site on occasion. Never once have I had any problems here whatsoever.

What add-ons is he using?

As Cairenn pointed out in another posts any Add-ons that use an executable file require the source code to be handed over so it can be checked before public release here. All updates are the same as well. As far as regular add-ons I doubt there is something in those that can hack an account.

Chances are you buddy has an infected computer from somewhere else . Did he receive an e-mail from a so called Blizzard account personnel asking for account info? Run a virus scan and ad scan.

Also I sure hope he reported it to Blizz as well.

Tenjikuronin · 01-24-07, 03:02 PM

This may have been the case. Ticket was opened and they are currently looking into the matter of the compromised account.

Changed password and ran virus scan.

Again....just an FYI is all. I have been using this site since april of last year. NO issues for me.
And that is why i pointed him to this site for add-ons.

Just really weird was all.

Tekkub · 01-24-07, 06:03 PM

Caireen and crew check addons before they are available for download for the general baddies... viruses. The mass majority of mods do not contain any executables and run entirely in WoW's envirenment, so they are not capable of "phoning home". There are a few executables out there, namely from the major datamining sites, thott, alla, wowhead... These sites have a large enough user base that they're kept in check, besides they're asking you to help them by providing the data they need for their site... they're not going to want to screw you over.

If you're ever questioning a mod's truthiness then by all means, ask us. But understand that the crew here works to keep the addons provided legit and safe for everyone. If a mod is found to be harmful I'll guarentee you that Cair will look into it and remove it if it is.

***Cairenn*** · 01-24-07, 07:10 PM

No offense taken whatsoever Tenjikuronin.

We work damn hard to protect our users. That includes educating them on safe computing practices if necessary. Getting (legitimate) info out there about how to protect yourself is never a bad thing. And yes, if someone has a concern about a mod or mods on our site, we want to know about it so that we can check into it further. If you provide us with a list of the mods he was using, we will re-verify them. As others have said already though, unless any of them have some form of executable, there is no way for them to contain a trojan or keylogger. Regardless, get us the info and we will most certainly check.

Tekkub · 01-25-07, 12:55 AM

Aye, on the note of teaching users I'll chime in again.

One might ask how we know that a non-executable is safe. Well if you look in the addon folder it should only contain a few file types. Lua and XML (.lua and .xml) are addon code. TOC (.toc) defines what files are loaded by the game, this is fairly easy to read, open one and see. Addon code can only load textures and sounds, and execute entirely within the system Blizzard defines, so they can restrict us from doing anything they don't want us to. By that simple fact, if you trust Blizzard then you implicitly trust the addons running inside their rules.

There are a rare few cases where addons can be "hostile":
* Addons can send text to chat and the addon channels. You might not want an addon transmitting certain things, but it doesn't have access to sensitive information about your account, so there's not much harm that can be done here.
* Addons can delete or sell items. Blizzard has put in a verification for deleting items >= Blue, and I don't think this can be overridden (I've not checked though, but I would expect they protected the verify function). So this shouldn't be too much of a problem, but we could always write an addon to log what you trash or sell if you were really worried about it.
* Addons can intentionally cause a disconnection by requesting bad item data from the server, or trying to send a bad link or color across chat. This is intentional design by Blizzy to prevent "brute force" attempts to find new items that haven't dropped on the server yet (it's been done before), and to prevent people from sending intentionally misleading item links. This protection could be abused by an addon to forcibly disconnect a user, unfortunately.

Tenjikuronin · 01-25-07, 11:49 AM

Thank you for the posts. I did some checking and my understanding is he loaded auctioneer from a link on this site to the home page for it. Do not know if that makes a difference but he only had three addons. titan panel, atlas. and the auctioneer.

Blizz is looking into the matter now. I will post when data changes.