HoTs and DoTs: A Restoration Druid and Shadow Priest

44 Responses to “Hacked.”

  1. KenelmNo Gravatar says

    I play on a mac as well, but use the iPhone authenticator app for extra security. I highly recommend using that or a physical authenticator.

  2. KenelmNo Gravatar says

    Oops, forgot another tip. If you have an email account that let’s you set up proxy email addressses, that helps too. I use MobileMe, and set up a proxy address that I use for other services like battle.net. That proxy adress can’t be used to log into my MobileMe account, so no one actually knows my true MobileMe login.

  3. MailiaNo Gravatar says

    I got the same thing done to me, except I lost my Gmail access too. Great thing that they replied to me at Google really fast after I sent in a ticket about it and regained my email and my WoW account with it. I was banned for three days however and I could just look at my Armory, no gear whatsoever, at horror.

    As I shuffled through my characters, I could only notice my rogue missing gear/money/items. She lost 17k gold, a Warglaive, bunch of dresses and others. I was really furious.
    Thanks god the GMs restored everything I lost really well.

    Also, the most fishy part? Later during the day of the unbanning, I got messages from an ex-friend (after this, he’s ex) and they were like..
    “Hey. How much gold did your main have again?”
    “Why are you nude on the Armory?”

    Of course, I didn’t want to give him the satisfaction of telling that I was hacked, so I gave out really general and bland answers. Also, my Google Mail now sends an SMS to my phone with the confirmation code if someone tries to change it’s password. NEVER AGAIN!

  4. Ah man, that sucks! We watched someone in our guild get hacked one night. They actually took the max withdraws on his toon. And get this… four stacks of nettlefish? Wtf? Nettlefish? C’mon.
    We had to get someone to call an officer and gkick his alts before he took more. It was pretty funny. Happened at about 2am.
    Someone needs an authenticator for Crimmus!
    .-= Sushicookie’s last blog … Quick post- bloggers. :D =-.

  5. CynwiseNo Gravatar says

    Wow. I’m so sorry, but the GMs seem to be able to restore everything once they look at your ticket.
    .-= Cynwise’s last blog … The Mercenary =-.

  6. RhidachNo Gravatar says

    That’s rough, I’m sorry hear you have to go through this. I hope all your stuff gets restored as soon as possible.
    .-= Rhidach’s last blog … The time has come Blizz: give us stances =-.

  7. VerileNo Gravatar says

    Sorry to hear. At least you were able to catch it in action.
    .-= Verile’s last blog … 10 Man Vs. 25 Man Raids =-.

    • NishiNo Gravatar says

      Oh my word MaryAnn, you are too kind! I didn’t think anyone even read these pages, let alone offer my blog from way back. Thank you. You are hrdlay an Optimist by Accident. And i LOVE your bucket list;)

  8. MetaneiraNo Gravatar says

    Ugggh. I’m so sorry you went through that. At least you have your gear so you can continue raiding, and I’m sure the GMs will get your gold back soon enough.
    .-= Metaneira’s last blog … Upcoming Bug Hunts! =-.

  9. AUTHENTICATOR

    and this never happens again
    .-= Angry Gamer’s last blog … Dragon Age: Origins releases today…not sure I care though =-.

  10. AneaNo Gravatar says

    I’m really sorry to hear that :(

    Like a few people have suggested, you could get an authenticator – that ought to help. I would also recommend getting a gmail account rather than hotmail. It’s superior for a lot of reasons I won’t get into, but their delivery of mail is much faster than hotmail, I’ve found, and their security is great. Definitely look into it.

    I hope things work out for the best :(
    .-= Anea’s last blog … Willpower =-.

  11. SchitsoNo Gravatar says

    Don’t give them the satisfaction of being called a hacker. In all probability it was just a kid that got lucky guessing the answers to your recovery questions.

  12. JaediaNo Gravatar says

    Ouch, this happened to my ex in the middle of a Kara run too. Nice when you can catch it that fast at least. But I’m definitely going to buy an authenticator now.. Noticing too many security issues at the moment and I have put too much work into my account to have it stolen by some self-righteous tosser. I really hate this kind of behaviour it’s disgusting :< and I'm glad all you lost was a bit of gold, really.
    .-= Jaedia's last blog … Two Parts =-.

  13. lissannaNo Gravatar says

    Account hackings USUALLY come from keyloggers on an end-user’s machine, or falling victim to phishing scams. The biggest problem is actually having a keylogger BEFORE the upgrade, and then sending the hacker all your info all bundled up at the same time when you do the upgrade. However, even if you didn’t do the upgrade, they already had your login and password information and could have used it at any time. There isn’t anything about the process that could cause you to get a new infection.

    Authenticators are the only protection your account has if your machine is infected with a keylogger. Nothing else you do matters if everything you type into the machine is being recorded Most antivirus programs are HORRIBLE at detecting and removing keyloggers, and some keyloggers actually are only detectable when WoW is running.

    Making a brand new e-mail address is recommended for upgrading battle.net accounts, but non-battle.net accounts have been hacked at alarming rates WAY BEFORE the battle.net conversion even started.

    If you were hacked, I really suggest that you uninstall and completely install your operating system, and then work to re-secure the e-mail account that they also get access to by using the keylogger to pick up both your WoW account & e-mail account info. It’s the same thing that they’ve been doing for the last 5 years, and the timing of your hacking is really just a coincidence.

    A certain percent of their 11 million playerbase gets hacked every month, and it’s just a coincidence in timing if that same % of people get hacked during the month where accounts are being upgraded to battle.net.

    Get an authenticator.
    .-= lissanna’s last blog … Pugging for Pugs? New pictures of the pet reward =-.

  14. adgamorixNo Gravatar says

    I don’t get it. After all the folks that have been hacked, and with the many ways you can get an authenticator now….

    It always seems strange to blame the victim – and yeah, it sucks that you got hacked, authenticators are really the only way to go.

    On a side note, when one of our guildies got hacked, they were able to circumvent the max withdrawl per day setting on the gbank. We even had a GM verify that the settings were correct, but they stood there and drained 50k out of the gbank – when the daily limit is 5k.
    .-= adgamorix’s last blog … Next Stop – Insanity =-.

  15. MartikNo Gravatar says

    It really sucks when stuff like this happens. I know for me, having been hacked on five separate occasions, that I flip out when this happens. I’ve been able to get my account back every time, but it never changes how you feel. All you can do is clean your machine and change everything to secure and new passwords and hope for the best.

    I did notice also, that I seemed to get hacked right after my switch to battle.net. Hopefully we won’t see a lot more hackings with the mandatory switch to battle.net.

    Once again, I feel for you :(
    .-= Martik’s last blog … Double post. Double stu…. Oh wait. =-.

  16. lissannaNo Gravatar says

    Martik, the total number of game hackings hasn’t changed because of battle.net. It’s just new wrapping paper on a problem that has been going on for years, and it’s something Blizzard can’t prevent on their end. Releasing the authenticator has been the only thing that seems to have had a great impact in reducing account hackings. Switching to battle.net isn’t any less safe, since keyloggers get all the info you type into the computer (including banking info!) that they could use if they wanted to. It’s not the player’s fault that an evil person with a keylogger decided to steal their stuff, but it’s also not Blizzard’s fault either, and Blizzard has been really great about restoring things once it happened.

    Before authenticators were in place, it would take a month or two to get stuff restored. Now, you can get at least some items within the week that you report it usually (depending on how slammed GMs get with other requests for silly things like Holiday bugs).
    .-= lissanna’s last blog … Pugging for Pugs? New pictures of the pet reward =-.

  17. LittlebarkNo Gravatar says

    I’m so sorry you had to expirience that. I’ve never been hacked, but I was online while one of our officers was being hacked. He had officer status on all his toon -a bad move- and was able to withdraw all of our Ulduar epics, 5k gold from each toon, all of our consumables, our fish feasts…

    It was horrible. However, the GM’s were able to get everything back to us within the week. They were so great about it, that they answered my ticket the same day I put it in (usually tickets are answered 2-3 days after they’re put in on my server.)

    Anyways, I hope you get everything back.

    Littlebark
    .-= Littlebark’s last blog … Tale Forty Two: I honestly don’t why I put up with it. =-.

  18. TeblaNo Gravatar says

    I have been using an authenticator for a while now. First on an iPhona and now the physical one. Only like 9 bucks with shipping. I highly recommend it.

  19. EristhanNo Gravatar says

    Ick. I thought Macs were invulnerable to things like that? Now I’m just all the more paranoid to upgrade…
    .-= Eristhan’s last blog … C&B: Ad Hominem =-.

  20. NazanielNo Gravatar says

    So sorry to hear this happened to you :(

    This happened to me a few weeks ago as well, just after I switched to a battle.net account. It’s ridiculous that Blizzard can’t do anything to stop this :( It’s heartbreaking when you realise that everything is gone… but you’re right, same as me, at least they left your gear so you can still raid in the meantime. Small mercies.

    For the record, I’m in the same boat as you and have no idea how they got my password – we think it’s brute force using my email address, but we can’t tell.

    I agree with what you said about buying gold – if people didn’t buy gold, we wouldn’t have this problem.

    If it’s any consolation, you should get absolutely everything back – it took Blizzard less than a week to get all my gold and everything sold returned.

    I feel a lot more secure now that I’m using an authenticator. Even more scared than before of losing my iPhone… but more secure.

    Best of luck getting it all back…
    .-= Nazaniel’s last blog … Grouping without the group =-.

  21. ShadeNo Gravatar says

    Oh no!

    I’ve been lucky enough to have never been hacked – but the possibility exists no matter WHAT you do or what kind of hardware you’re running. The authenticator is really the only way to go to lock everything down tight, unfortunately. I’m SO glad you managed to get ahold of the account again fast enough to lose nothing but your gold and possibly a small chunk of your sanity – the GM’s should restore everything if you ask nicely, I think.

    A couple of weeks ago I had a friend in a guild I used to be in tell me that he and several others were online when a very old account from an officer that hadn’t logged on since…well, early TBC I think, signed on and immediately went about gkicking everyone, then inviting a level one alt with a name like ‘hstzczcz’ into the guild and proceeding to merrily clean out the guild bank.

    They got the guild bank in about two hours, but it wasn’t fast enough to prevent the bank from being cleared out. GM’s restored pretty much everything though – so you should be okay!

  22. UltraNo Gravatar says

    heya cass sorry to hear what happened ): I’m happy to help if you need stuff for raiding :)

    I was hacked last year – but it was through some fake battle.net account website which I must admit was stupid on my behalf as it had such a similar url us-battle.net or something lol. I hope it all works out for you – they shouldn’t have any problems restoring your gold and other things, just gotta be patient :D

  23. CassandriNo Gravatar says

    Thank you for all the kind comments. Having had some time to sleep and think about things I do think that perhaps the Security Question that I chose when I set up my Battle.net account wasn’t particularly secure at all. Still not sure how they managed to get into my Hotmail account though – that had a pretty strange and unique password.

    I’ve changed to a different email address. Changed the password on my email addresses and Battle.net. Lets hope that’s enough to protect me for now.

    I’m thinking about the Authenticator, but I just can’t see me buying one.

    @Eristhan Yeah, I think/hope my Mac is keylog-free.

    @Mailia I once had my eBay account hacked through my GMail account. So I don’t use GMail anymore.

    @Schitso You’re right. I’m going to go and edit this some. They deserved to be called a “thief”.

    @adgamorix I definitely feel that there is still some stigma attached to being the victim of account hacking. I wanted people to understand that I don’t play fast and loose with my WoW account security. The guild that I’m in atm has had the guild bank hacked a few times in the past and they restrict members from practically everything. I’m glad.

    @Shade I imagine if they successfully hack into a GM’s account (one with a lot of cash in the guild bank) they must have a field day. Do you think the would have attracted less attention if they didn’t /gkick everyone? About a year ago one of the officers in my old guild was approached by a player pretending to be the alt of another officer (who wasn’t online). Then they tried to talk their way into being promoted to Officer rank. It was suspicious enough, and at a time of day when the player should have been at work, that we didn’t fall for it. Was a close call though.

  24. MearaNo Gravatar says

    Long-time lurker, first time commenter.

    I was also hacked not long after switching to a Battle.net account. And I too caught the hackers in action. Despite getting control of my account back within minutes, they managed to strip my 2 mains of all their inventory and gold, and raid my bank toon. They even managed to transfer one of my toons to another server with everything on her.

    I filed an ingame ticket, sent the GM’s an email, and filed a ticket through the website. The following morning I also called Blizzard Support. The CSR was amazing and reversed the character transfer, which restored all of my gold, plus the profits the hackers made from selling my things. Later that same day, another GM talked to me and let me know that Account Recovery was taking care of it. Then still later another GM contacted me to let me know they’d restored everything. And still later a third GM contacted me as a follow-up to make sure I was ok and had got everything back.

    Being hacked SUCKS, no doubt. And I honestly think the reasn they were able to hack me (and probably you also) is because they plugged in our email addresses and ran a number generator to figure out the password. I got an authenticator after this, and changed all of my information around. including making a brand-new email just for my accounts. So I would strongly recommend doing the same.

    The GM’s will get back to you, and they will help you out. I’m sorry this happened, and wish you the best of luck. *hug*

  25. CassandriNo Gravatar says

    @Meara Thanks for the *hug*. Your story is really comforting because it sounds like they actually caught the culprits – or at least halted their nasty, low-down, account stealing practices for a while.

  26. ZahrahNo Gravatar says

    Am glad you got your account back :( storys like this make me grateful for the extra protection of my authenticator..
    .-= Zahrah’s last blog … Loot dealing and Wheeling. =-.

  27. ErinysNo Gravatar says

    Glad you got your account back ok and so fast as well.

    Being hacked is definitely my idea of a WoW nightmare. I didn’t get a raid achievement once (turns out being a spirit of redemption when the boss dies doesn’t actually count as you the player being there) and ticketed a GM to ask if anything could be done about it. They logged my character to check the records without saying anything and I got to watch through my boyfriend’s screen as my precious priest came online of its own accord. The next 10 minutes was so painful, that I’m hyper cautious now. I too would definitely recommend the authenticator for that little added extra peace of mind..

    Hacking does seems to be a major issue right now though. We lose part of the guildbank around once a week at the moment (its people who run virus protection and aren’t handing out their passwords to all and sundry) and are seriously considering making the whole guild get authenticators for the extra protection.

    One guildmate did actually make a couple of thousand gold from being hacked though. The hacker had her paladin farming relics of ulduar in the Stormpeaks for 24 hours plus left her with stacks of saronite/titanium and eternal fires which the GM’s told her to keep.

    Although some of the stuff they take from our bank is seriously strange, the last hacker ignored our frost lotuses and took our voodoo skull collection for some reason.
    .-= Erinys’s last blog … The Virtual Menagerie =-.

  28. Hey,
    thank you very much for your kind words. I actually have a “proper” blog for my wow thoughts, sometimes real life and wow intertwine for me, as I expect they do for a lot of people!
    And certainly don’t say sorry! I love your blog and your posts.
    Thanks again for commenting,
    Sof
    .-= Sophie (Elsen-Terenas-EU)’s last blog … Miss Medicina’s Healing Questionnaire! =-.

  29. ShadeNo Gravatar says

    @Cassandri – I think that it was late enough at night that they didn’t need to worry about attracting attention. The guild roster was pretty clearly set up rank wise so all it would’ve taken was a quick peek at who was online to see if there was another officer on or not – and since there wasn’t, they just gkicked away and had a field day with it. I think they got the majority of their stuff back, but I’m pretty sure it wasn’t -everything- – from what I remembered of being in the guild, they had a LOT of stuff stashed in the gbank.

  30. TamNo Gravatar says

    Aww Cass, I’m so sorry – that’s such a horrible experience. I guess in some ways you were “lucky” but it’s bad enough that it happened. *hugs*
    .-= Tam’s last blog … Dragons: Rated for your Convenience =-.

  31. DusknoirNo Gravatar says

    Really sorry to hear that. :[ I hope Blizzard can help.
    .-= Dusknoir’s last blog … Haste in PVP as of 3.3 =-.

  32. david stewart zinkNo Gravatar says

    Your hotmail account was not hacked.

    They sniffed your battle.net password somehow, then they logged in, booting you out. (You’d think “new login while user is not afk or disco” would ring an alarm somewhere.) Then you kept relogging and booting them out. Then they went to battle.net and changed your battle.net password.

    Their approach to looting your account is amateurish. I could suggest a couple simple ways (but I won’t) they could keep from getting stopped (given that blizz doesn’t care enough to do anything). So I imagine this is opportunistic, i.e. a kid who read your password over your shoulder at a cafe, or a ‘friend’. Or they could just be stupid. In general criminals are pretty stupid.

  33. CassandriNo Gravatar says

    Update (Sunday 10am): Just received a whole bunch of in game mail message from Blizzard with items and gold. I think it’s all there. And there’s stuff that I didn’t even realise was missing from my bank! Anyone need 20 Felcloth?

    Haven’t actually chatted to a GM yet – everything has happened via tickets and mail messages. No idea if they caught the hackers :(

  34. trendlessNo Gravatar says

    To be fair, Mac OS has never been invulnerable to malicious software — the market was just too small to be worth the effort. All that has changed with their resurgence in popularity. So much so that in Snow Leopard (10.6) Apple has included a rudimentary antivirus program. Malicious links, downloads and many other exploits that long have been used to compromise PCs have been appropriated and re-aimed at Mac users, so it’s not out of the question to consider it a possible entry-point for your recent privacy/account breach.

    … glad to hear (from you and all the commenters) that Blizz has a policy of replacing lost loot.

  35. KimeraNo Gravatar says

    here is how i solver all the issues without authenticator
    1.- install firerox (use this instead of explorer)
    2.- get the add on for firefox NoScript ,

    That will only allow the website you want on your machine and will block everything else, even if you click and bad link by mistake, no script will not let any program to run without your permition.

  36. ZaiNo Gravatar says

    The week that most of my guild converted to Battle.net accounts, five guild members got hacked; the week after, it was four, one including an officer with full access to our guild bank. From what we could tell, the battle.net site had effectively “activated” keyloggers that were already on our guildies’ systems, resulting in complete chaos as we waited every day to find out who’d been hacked next – the gmotd was changed to alert us all of free available anti-spyware and antivirus programs, whilst gbank access was changed to absolute minimum and we all changed our passwords and prayed that our guild master didn’t get hacked. He didn’t, fortunately. Interestingly, the GMs were on call 24-7, and everyone got all of their items back within 24 hours (although we couldn’t recover most of what we lost from our guild bank) – so it looks as if Blizzard had been expecting something like this to happen.

    Of course, two weeks earlier someone who hadn’t logged on for two months had turned up, looted the guild bank, said “hi i dont know any1 here so im leaving” and gquit. Turned out a guildie had sold/given away their account without bothering to warn us or leave the guild. On the whole, we’d rather have been hacked >.>

  37. HaedusNo Gravatar says

    Great to know you got your stuff back!

    I was hacked, the hacker also changed the password of my hotmail account then deleted my main (probably in a fit of rage; I didn’t have much gold).

    Apparently he used whatever emblem of mine he could to purchase valor bracers, then DEed all my Soulbound epics.

    The GMs returned EVERYTHING to me (including some greys and stuff that I had originally vendored myself) and I was left with 120 Abyss Crystals and 2 EoV Bracers and 2k more gold than I had before I was hacked.

    A very stressing, yet funnily profitable ‘getting hacked’ experience.

  38. NantosueltaNo Gravatar says

    Cassandri, I have to ask, are you using WoWMatrix? If so, I would place the blame squarely on that and not hotmail or your security question – do a google search of “wowmatrix keylogger” and you’ll find lots – the latest build of wowmatrix has even been reported to McAffee and Symentac as a keylogger. Many of my guildies got nailed by this one – if you still have it on your system, get rid of it! :)

  39. CassandriNo Gravatar says

    @Nantosuelta I am using WowMatrix. Well I installed it many months ago and have run it to autoupdate my addons twice, I believe.

    Assuming that the WowMatrix also installed some keylogging application, how can I be certain to remove that, too? Dumping the WowMatrix app into my trash bin wouldn’t fix the problem, would it? Or is WowMatrix a problem only when you actually run it (sending sensitive keylogged info to gold sellers)?

  40. NatarumahNo Gravatar says

    Well, one of the nasty things of the new battle.net is that many, many people use the email with which they blog or join mmo-related sites to log in with. Before the merge, everyone could have either an email adress (if they changed) or a username (if they did not). This means that people who want access to your account need 2 pieces of info to get in – username/email and password.

    After the required merge, I have seen compromised accounts reach a new height. Last year one hacked account in my WoW friends’ circle, and now almost 2 per month. Why is this?

    Partly due to the keyloggers, but also the required merge.

    Let’s say that there is a person with a toon named Fizzle. Before the merge, her account name was Pierre (after her boyfriend) and her password something ecclectic.
    After the merge, because she loved her toon Fizzle, she used her fizzle@hotmail email address, which also is the one with which she is registered on her guild site, fansites, and mmo-champion.
    Anyone who wants to hack Fizzle now has 1 piece of info – her email address. Using algorythms and scripts it is possible to generate an endless stream of passwords until the account unlocks (I have no idea if an account hardlocks after X tries, however).

    TL;DR: Create a special email for your account and never use it for something else, or get an authenticator. Else you are quite at risk of having your account compromised. And it sucks, believe me.
    .-= Natarumah’s last blog … DPS Q&A – Bring the pain =-.

  41. passwordNo Gravatar says

    Thanks for sharing your thoughts about hack.
    Regards
    password’s last post: password

  42. Adhere to what they visit your comprehension of the paintings you’re. The globe desires for all the more passionate copy writers such as you that are not worried to convey that believe. Continuously go after your own coronary heart.

  43. • Must have high understanding level to work
    on the client ideas. Build high-quality tracks with a sequence of loops, mixing synthesizers, drums, modulators and more.
    Advanced Task Killer Free is the perfect app to kill this process and save
    your battery life.
    Call of Mini Dino Hunter cheats android’s last post: Call of Mini Dino Hunter cheats android

Trackbacks

  1. [...] I will both be buying those and an authenticator for my account after reading Cassandri’s Horror Story. It could happen to any of us, for [...]

  2. Social comments and analytics for this post…

    This post was mentioned on Twitter by hotsdots: New Blog Post: Hacked. http://bit.ly/1TMRzZ
    Happy Reading!…

  3. [...] more fun: part 1, part 2, part 3.  Cassandri at Hots and Dots had a scary experience with a hacker — not to throw in a spoiler, but her characters are still playable and her gear sets are [...]

  4. [...] logged into my Battle.net account very very carefully yesterday. I actually logged in looking for some (any!) information about transferring Bind on [...]

  5. [...] more fun: part 1, part 2, part 3.  Cassandri at Hots and Dots had a scary experience with a hacker — not to throw in a spoiler, but her characters are still playable and her gear sets are [...]

  6. Sources…

    [...]check below, are some totally unrelated websites to ours, however, they are most trustworthy sources that we use[...]……

Leave a Reply

CommentLuv badge