I still have all my gear. That's the main thing, right?
My World of Warcraft account was hacked last night at 5 minutes to midnight. I know exactly when it happened because I was online.
On Wednesday I raided with my guild as per usual. We called things a bit early and I was grateful, I’d been experiencing, as had most of our raid, pretty miserable latency on and off throughout the night.
I’d also disconnected at least 4 times, 3 of those times during our battle against Onyxia.
Usually I’d log off and eat dinner at the end of raid. But not this time. I got talked into running 10 man Ulduar with some mates, who I’ve blogged about previously. Lathere came along too. We jumped on our old guild’s Vent server to chat while we played.
We proceeded through the instance slowly. I disconnected a few more times, although not as frequently as I had in 25 man Onyxia. I was getting pretty annoyed – I usually have no computer problems whatsoever. I remember saying over vent “why does this keep happening to me tonight?” and thinking that perhaps I’d left Photoshop and iTunes running in the background while I was in game (which, I’ll admit, is pushing the capabilities of my iMac just a bit too far).
Then, while buffing for our second attempt at Thorim, I disconnected again. I was so frustrated – we weren’t AOEing or doing anything – I was just standing in a hallway.
But this time I couldn’t log back in.
“Invalid User Data”
I triple checked that I had my username right. I tried again. I tried to type my password more slowly, careful not to skip a key.
One of my friends in the raid tells me over Vent “You’re still online on my screen. You might have to wait until the game realises that you have disconnected.”
Then someone else on Vent makes some joke about rage disconnecting and hearthing to Dalaran. I don’t pay much attention.
But that joke must have sparked a memory because someone else replied with “It was weird that the game ported you to Dalaran. I saw you hearth and everything.”
This makes me stop (I’m still trying to figure out if the light indicator on my Caps Lock key is lying to me).
“Wait. You saw me hearth? You saw me cast the spell?”
The penny dropped. Someone had changed my World of Warcraft password (and therefore must have gained access to my Hotmail account) without my permission and had logged into my account with the new password. I couldn’t log in because I didn’t have the new password.
I fired up Battle.net immediately. I don’t remember Battle.net taking so long to load. But at that moment I would have paid a fortune for the whole site to be plain white with some black text. No pictures, no fancy buttons, no nothing. Just a way for me to change my password, and quickly!
I go through the steps (twice, because the first time I got re-routed back to the start at the Secret Question page) while my friends are giving me a blow-by-blow recount of what Cassandri is doing in game.
“Uh you’re standing by the mailbox now.”
I’m thinking about what I might have access to in the guild bank. I’m 99% confident that I wouldn’t have access to the most expensive and valuable items. But that 1% uncertainty is enough to make me repeat over Vent (what felt like 50 times) “Can you get someone to /gkick me?”.
All up it took me about 10 minutes to regain access to my own account and log back in.
They took all my gold. On all my characters on Barthilas. I found Cassandri standing on the Eventide steps with 34g to her name. I found my Rogue (but I only carry about 1k gold on her anyway) not much further away with less than 10g. Oh yeah, and a small fortune in enchanting mats and consumables.
My bank alt, who holds 3 years of sensible auction house buying and selling, was halfway down the road from Stormwind to Goldshire. With 15 silver.
Fortunately, I still had all my gear equipped. I even had my healing and PVP gear in my bags.
I can only think that the thief took the money and run. Perhaps they traded someone in Dalaran. I’m sure that they met with one of their own people outside Goldshire to trade over my gold. It must be harder for Blizzard to trace items that are traded between players than items that go through the mail system.
I don’t know what, if anything, was taken out of the guild bank.
I do know that I can raid tomorrow night. Even though I haven’t got enough gold to repair my own gear. And I’m grateful. I feel that, compared to other people who have lost control of their account, I was lucky.
Why did this happen to me? I don’t know. But if it happened to me, it can happen to anyone.
I don’t share my account details. I don’t share my email account details. I don’t game at internet cafes or check my email on any computer except my own – the one I’m writing this on right now.
I play on a Mac which is completely free of spy wear or viruses. I updated my Hotmail password only a few weeks ago. I updated my World of Warcraft account to a Battle.net account only 1 week ago.
Is it a coincidence that so soon after changing to a Battle.net account that my account was compromised? I doubt it. I can’t help but believe that the combination of a Hotmail account and changing to Battle.net made me vulnerable.
I’ve raised a ticket with a GM. I’ve yet to hear a reply.
I’d love to get in contact with a GM and have them tell me “thanks to your report we were able to track down the gold sellers responsible and have permanently banned their IP address and all IP addresses that they have been known to use.” But I think that’s highly unlikely. I expect to be told something along the lines of “Well there’s not much we can do. We can look into your account and restore some of your gold. I suggest you get a new email account.”
If you have a Hotmail account, I implore you not to upgrade to a Battle.net account. I know that Blizzard are pushing the changeover, but I think it’s worth considering setting up an email account elsewhere. I’m not confident that Hotmail is sufficiently secure anymore.
And if you have ever, ever, considered buying gold please don’t! The only way to stop gold sellers is to remove their customer base all together. As long as there is a “need” they will keep hacking and trading away other players’ hard earned gold just to turn around and sell it to another player.
As a last step I changed my Hotmail password. For the second time in as many weeks. And in my inbox was a polite notification from Blizzard “Battle.net Account – Password Change Notice”. At 11.49pm. A bit late. I don’t play and read my emails at the same time.
I’d like to see them implement a rule about how quickly you can change your account password and then log in.
If there had been 24 hours notice between the password change request, and implementation, then I would have seen that email and immediately taken steps to secure my account in time.
Or how about a rule that says you can’t change your password while you are currently logged in? I don’t think that’s unreasonable. Although you could argue that your chances of catching your hacker (assuming that any of them are ever caught) are higher if they operate during your play time.
In situations like this the “Talk to a GM” button isn’t really good enough customer service. I’d like a big shiny red button that says “A player’s account is being hacked right this minute – and I’m watching it happen!” that, when activated, sounds an alarm in the Blizzard officers and gains an immediate reply. If we just had some help we could have caught them in the act!
It pains me to say that the hackers have probably already gotten away with it.
*Update* Got my gold and items back! (Sunday 8 Nov)
*Update* Turns out that all my friends who were on Vent with me when my account was stolen were whispering a steady stream of abuse at the hacker while they pilfered my gold. Best thing I’ve heard all weekend! (Sunday 8 Nov)
I play on a mac as well, but use the iPhone authenticator app for extra security. I highly recommend using that or a physical authenticator.
Oops, forgot another tip. If you have an email account that let’s you set up proxy email addressses, that helps too. I use MobileMe, and set up a proxy address that I use for other services like battle.net. That proxy adress can’t be used to log into my MobileMe account, so no one actually knows my true MobileMe login.
I got the same thing done to me, except I lost my Gmail access too. Great thing that they replied to me at Google really fast after I sent in a ticket about it and regained my email and my WoW account with it. I was banned for three days however and I could just look at my Armory, no gear whatsoever, at horror.
As I shuffled through my characters, I could only notice my rogue missing gear/money/items. She lost 17k gold, a Warglaive, bunch of dresses and others. I was really furious.
Thanks god the GMs restored everything I lost really well.
Also, the most fishy part? Later during the day of the unbanning, I got messages from an ex-friend (after this, he’s ex) and they were like..
“Hey. How much gold did your main have again?”
“Why are you nude on the Armory?”
Of course, I didn’t want to give him the satisfaction of telling that I was hacked, so I gave out really general and bland answers. Also, my Google Mail now sends an SMS to my phone with the confirmation code if someone tries to change it’s password. NEVER AGAIN!
Ah man, that sucks! We watched someone in our guild get hacked one night. They actually took the max withdraws on his toon. And get this… four stacks of nettlefish? Wtf? Nettlefish? C’mon.
=-.
We had to get someone to call an officer and gkick his alts before he took more. It was pretty funny. Happened at about 2am.
Someone needs an authenticator for Crimmus!
.-= Sushicookie’s last blog … Quick post- bloggers.
Wow. I’m so sorry, but the GMs seem to be able to restore everything once they look at your ticket.
.-= Cynwise’s last blog … The Mercenary =-.
That’s rough, I’m sorry hear you have to go through this. I hope all your stuff gets restored as soon as possible.
.-= Rhidach’s last blog … The time has come Blizz: give us stances =-.
Sorry to hear. At least you were able to catch it in action.
.-= Verile’s last blog … 10 Man Vs. 25 Man Raids =-.
Oh my word MaryAnn, you are too kind! I didn’t think anyone even read these pages, let alone offer my blog from way back. Thank you. You are hrdlay an Optimist by Accident. And i LOVE your bucket list;)
Ugggh. I’m so sorry you went through that. At least you have your gear so you can continue raiding, and I’m sure the GMs will get your gold back soon enough.
.-= Metaneira’s last blog … Upcoming Bug Hunts! =-.
AUTHENTICATOR
and this never happens again
.-= Angry Gamer’s last blog … Dragon Age: Origins releases today…not sure I care though =-.
I’m really sorry to hear that
Like a few people have suggested, you could get an authenticator – that ought to help. I would also recommend getting a gmail account rather than hotmail. It’s superior for a lot of reasons I won’t get into, but their delivery of mail is much faster than hotmail, I’ve found, and their security is great. Definitely look into it.
I hope things work out for the best
.-= Anea’s last blog … Willpower =-.
Don’t give them the satisfaction of being called a hacker. In all probability it was just a kid that got lucky guessing the answers to your recovery questions.
Ouch, this happened to my ex in the middle of a Kara run too. Nice when you can catch it that fast at least. But I’m definitely going to buy an authenticator now.. Noticing too many security issues at the moment and I have put too much work into my account to have it stolen by some self-righteous tosser. I really hate this kind of behaviour it’s disgusting :< and I'm glad all you lost was a bit of gold, really.
.-= Jaedia's last blog … Two Parts =-.
Account hackings USUALLY come from keyloggers on an end-user’s machine, or falling victim to phishing scams. The biggest problem is actually having a keylogger BEFORE the upgrade, and then sending the hacker all your info all bundled up at the same time when you do the upgrade. However, even if you didn’t do the upgrade, they already had your login and password information and could have used it at any time. There isn’t anything about the process that could cause you to get a new infection.
Authenticators are the only protection your account has if your machine is infected with a keylogger. Nothing else you do matters if everything you type into the machine is being recorded Most antivirus programs are HORRIBLE at detecting and removing keyloggers, and some keyloggers actually are only detectable when WoW is running.
Making a brand new e-mail address is recommended for upgrading battle.net accounts, but non-battle.net accounts have been hacked at alarming rates WAY BEFORE the battle.net conversion even started.
If you were hacked, I really suggest that you uninstall and completely install your operating system, and then work to re-secure the e-mail account that they also get access to by using the keylogger to pick up both your WoW account & e-mail account info. It’s the same thing that they’ve been doing for the last 5 years, and the timing of your hacking is really just a coincidence.
A certain percent of their 11 million playerbase gets hacked every month, and it’s just a coincidence in timing if that same % of people get hacked during the month where accounts are being upgraded to battle.net.
Get an authenticator.
.-= lissanna’s last blog … Pugging for Pugs? New pictures of the pet reward =-.
I don’t get it. After all the folks that have been hacked, and with the many ways you can get an authenticator now….
It always seems strange to blame the victim – and yeah, it sucks that you got hacked, authenticators are really the only way to go.
On a side note, when one of our guildies got hacked, they were able to circumvent the max withdrawl per day setting on the gbank. We even had a GM verify that the settings were correct, but they stood there and drained 50k out of the gbank – when the daily limit is 5k.
.-= adgamorix’s last blog … Next Stop – Insanity =-.
It really sucks when stuff like this happens. I know for me, having been hacked on five separate occasions, that I flip out when this happens. I’ve been able to get my account back every time, but it never changes how you feel. All you can do is clean your machine and change everything to secure and new passwords and hope for the best.
I did notice also, that I seemed to get hacked right after my switch to battle.net. Hopefully we won’t see a lot more hackings with the mandatory switch to battle.net.
Once again, I feel for you
.-= Martik’s last blog … Double post. Double stu…. Oh wait. =-.
Martik, the total number of game hackings hasn’t changed because of battle.net. It’s just new wrapping paper on a problem that has been going on for years, and it’s something Blizzard can’t prevent on their end. Releasing the authenticator has been the only thing that seems to have had a great impact in reducing account hackings. Switching to battle.net isn’t any less safe, since keyloggers get all the info you type into the computer (including banking info!) that they could use if they wanted to. It’s not the player’s fault that an evil person with a keylogger decided to steal their stuff, but it’s also not Blizzard’s fault either, and Blizzard has been really great about restoring things once it happened.
Before authenticators were in place, it would take a month or two to get stuff restored. Now, you can get at least some items within the week that you report it usually (depending on how slammed GMs get with other requests for silly things like Holiday bugs).
.-= lissanna’s last blog … Pugging for Pugs? New pictures of the pet reward =-.
I’m so sorry you had to expirience that. I’ve never been hacked, but I was online while one of our officers was being hacked. He had officer status on all his toon -a bad move- and was able to withdraw all of our Ulduar epics, 5k gold from each toon, all of our consumables, our fish feasts…
It was horrible. However, the GM’s were able to get everything back to us within the week. They were so great about it, that they answered my ticket the same day I put it in (usually tickets are answered 2-3 days after they’re put in on my server.)
Anyways, I hope you get everything back.
Littlebark
.-= Littlebark’s last blog … Tale Forty Two: I honestly don’t why I put up with it. =-.
I have been using an authenticator for a while now. First on an iPhona and now the physical one. Only like 9 bucks with shipping. I highly recommend it.
Ick. I thought Macs were invulnerable to things like that? Now I’m just all the more paranoid to upgrade…
.-= Eristhan’s last blog … C&B: Ad Hominem =-.
So sorry to hear this happened to you
This happened to me a few weeks ago as well, just after I switched to a battle.net account. It’s ridiculous that Blizzard can’t do anything to stop this
It’s heartbreaking when you realise that everything is gone… but you’re right, same as me, at least they left your gear so you can still raid in the meantime. Small mercies.
For the record, I’m in the same boat as you and have no idea how they got my password – we think it’s brute force using my email address, but we can’t tell.
I agree with what you said about buying gold – if people didn’t buy gold, we wouldn’t have this problem.
If it’s any consolation, you should get absolutely everything back – it took Blizzard less than a week to get all my gold and everything sold returned.
I feel a lot more secure now that I’m using an authenticator. Even more scared than before of losing my iPhone… but more secure.
Best of luck getting it all back…
.-= Nazaniel’s last blog … Grouping without the group =-.
Oh no!
I’ve been lucky enough to have never been hacked – but the possibility exists no matter WHAT you do or what kind of hardware you’re running. The authenticator is really the only way to go to lock everything down tight, unfortunately. I’m SO glad you managed to get ahold of the account again fast enough to lose nothing but your gold and possibly a small chunk of your sanity – the GM’s should restore everything if you ask nicely, I think.
A couple of weeks ago I had a friend in a guild I used to be in tell me that he and several others were online when a very old account from an officer that hadn’t logged on since…well, early TBC I think, signed on and immediately went about gkicking everyone, then inviting a level one alt with a name like ‘hstzczcz’ into the guild and proceeding to merrily clean out the guild bank.
They got the guild bank in about two hours, but it wasn’t fast enough to prevent the bank from being cleared out. GM’s restored pretty much everything though – so you should be okay!
heya cass sorry to hear what happened ): I’m happy to help if you need stuff for raiding
I was hacked last year – but it was through some fake battle.net account website which I must admit was stupid on my behalf as it had such a similar url us-battle.net or something lol. I hope it all works out for you – they shouldn’t have any problems restoring your gold and other things, just gotta be patient
Thank you for all the kind comments. Having had some time to sleep and think about things I do think that perhaps the Security Question that I chose when I set up my Battle.net account wasn’t particularly secure at all. Still not sure how they managed to get into my Hotmail account though – that had a pretty strange and unique password.
I’ve changed to a different email address. Changed the password on my email addresses and Battle.net. Lets hope that’s enough to protect me for now.
I’m thinking about the Authenticator, but I just can’t see me buying one.
@Eristhan Yeah, I think/hope my Mac is keylog-free.
@Mailia I once had my eBay account hacked through my GMail account. So I don’t use GMail anymore.
@Schitso You’re right. I’m going to go and edit this some. They deserved to be called a “thief”.
@adgamorix I definitely feel that there is still some stigma attached to being the victim of account hacking. I wanted people to understand that I don’t play fast and loose with my WoW account security. The guild that I’m in atm has had the guild bank hacked a few times in the past and they restrict members from practically everything. I’m glad.
@Shade I imagine if they successfully hack into a GM’s account (one with a lot of cash in the guild bank) they must have a field day. Do you think the would have attracted less attention if they didn’t /gkick everyone? About a year ago one of the officers in my old guild was approached by a player pretending to be the alt of another officer (who wasn’t online). Then they tried to talk their way into being promoted to Officer rank. It was suspicious enough, and at a time of day when the player should have been at work, that we didn’t fall for it. Was a close call though.
Long-time lurker, first time commenter.
I was also hacked not long after switching to a Battle.net account. And I too caught the hackers in action. Despite getting control of my account back within minutes, they managed to strip my 2 mains of all their inventory and gold, and raid my bank toon. They even managed to transfer one of my toons to another server with everything on her.
I filed an ingame ticket, sent the GM’s an email, and filed a ticket through the website. The following morning I also called Blizzard Support. The CSR was amazing and reversed the character transfer, which restored all of my gold, plus the profits the hackers made from selling my things. Later that same day, another GM talked to me and let me know that Account Recovery was taking care of it. Then still later another GM contacted me to let me know they’d restored everything. And still later a third GM contacted me as a follow-up to make sure I was ok and had got everything back.
Being hacked SUCKS, no doubt. And I honestly think the reasn they were able to hack me (and probably you also) is because they plugged in our email addresses and ran a number generator to figure out the password. I got an authenticator after this, and changed all of my information around. including making a brand-new email just for my accounts. So I would strongly recommend doing the same.
The GM’s will get back to you, and they will help you out. I’m sorry this happened, and wish you the best of luck. *hug*
@Meara Thanks for the *hug*. Your story is really comforting because it sounds like they actually caught the culprits – or at least halted their nasty, low-down, account stealing practices for a while.
Am glad you got your account back
storys like this make me grateful for the extra protection of my authenticator..
.-= Zahrah’s last blog … Loot dealing and Wheeling. =-.
Glad you got your account back ok and so fast as well.
Being hacked is definitely my idea of a WoW nightmare. I didn’t get a raid achievement once (turns out being a spirit of redemption when the boss dies doesn’t actually count as you the player being there) and ticketed a GM to ask if anything could be done about it. They logged my character to check the records without saying anything and I got to watch through my boyfriend’s screen as my precious priest came online of its own accord. The next 10 minutes was so painful, that I’m hyper cautious now. I too would definitely recommend the authenticator for that little added extra peace of mind..
Hacking does seems to be a major issue right now though. We lose part of the guildbank around once a week at the moment (its people who run virus protection and aren’t handing out their passwords to all and sundry) and are seriously considering making the whole guild get authenticators for the extra protection.
One guildmate did actually make a couple of thousand gold from being hacked though. The hacker had her paladin farming relics of ulduar in the Stormpeaks for 24 hours plus left her with stacks of saronite/titanium and eternal fires which the GM’s told her to keep.
Although some of the stuff they take from our bank is seriously strange, the last hacker ignored our frost lotuses and took our voodoo skull collection for some reason.
.-= Erinys’s last blog … The Virtual Menagerie =-.
Hey,
thank you very much for your kind words. I actually have a “proper” blog for my wow thoughts, sometimes real life and wow intertwine for me, as I expect they do for a lot of people!
And certainly don’t say sorry! I love your blog and your posts.
Thanks again for commenting,
Sof
.-= Sophie (Elsen-Terenas-EU)’s last blog … Miss Medicina’s Healing Questionnaire! =-.
@Cassandri – I think that it was late enough at night that they didn’t need to worry about attracting attention. The guild roster was pretty clearly set up rank wise so all it would’ve taken was a quick peek at who was online to see if there was another officer on or not – and since there wasn’t, they just gkicked away and had a field day with it. I think they got the majority of their stuff back, but I’m pretty sure it wasn’t -everything- – from what I remembered of being in the guild, they had a LOT of stuff stashed in the gbank.
Aww Cass, I’m so sorry – that’s such a horrible experience. I guess in some ways you were “lucky” but it’s bad enough that it happened. *hugs*
.-= Tam’s last blog … Dragons: Rated for your Convenience =-.
Really sorry to hear that. :[ I hope Blizzard can help.
.-= Dusknoir’s last blog … Haste in PVP as of 3.3 =-.
Your hotmail account was not hacked.
They sniffed your battle.net password somehow, then they logged in, booting you out. (You’d think “new login while user is not afk or disco” would ring an alarm somewhere.) Then you kept relogging and booting them out. Then they went to battle.net and changed your battle.net password.
Their approach to looting your account is amateurish. I could suggest a couple simple ways (but I won’t) they could keep from getting stopped (given that blizz doesn’t care enough to do anything). So I imagine this is opportunistic, i.e. a kid who read your password over your shoulder at a cafe, or a ‘friend’. Or they could just be stupid. In general criminals are pretty stupid.
Update (Sunday 10am): Just received a whole bunch of in game mail message from Blizzard with items and gold. I think it’s all there. And there’s stuff that I didn’t even realise was missing from my bank! Anyone need 20 Felcloth?
Haven’t actually chatted to a GM yet – everything has happened via tickets and mail messages. No idea if they caught the hackers
To be fair, Mac OS has never been invulnerable to malicious software — the market was just too small to be worth the effort. All that has changed with their resurgence in popularity. So much so that in Snow Leopard (10.6) Apple has included a rudimentary antivirus program. Malicious links, downloads and many other exploits that long have been used to compromise PCs have been appropriated and re-aimed at Mac users, so it’s not out of the question to consider it a possible entry-point for your recent privacy/account breach.
… glad to hear (from you and all the commenters) that Blizz has a policy of replacing lost loot.
here is how i solver all the issues without authenticator
1.- install firerox (use this instead of explorer)
2.- get the add on for firefox NoScript ,
That will only allow the website you want on your machine and will block everything else, even if you click and bad link by mistake, no script will not let any program to run without your permition.
The week that most of my guild converted to Battle.net accounts, five guild members got hacked; the week after, it was four, one including an officer with full access to our guild bank. From what we could tell, the battle.net site had effectively “activated” keyloggers that were already on our guildies’ systems, resulting in complete chaos as we waited every day to find out who’d been hacked next – the gmotd was changed to alert us all of free available anti-spyware and antivirus programs, whilst gbank access was changed to absolute minimum and we all changed our passwords and prayed that our guild master didn’t get hacked. He didn’t, fortunately. Interestingly, the GMs were on call 24-7, and everyone got all of their items back within 24 hours (although we couldn’t recover most of what we lost from our guild bank) – so it looks as if Blizzard had been expecting something like this to happen.
Of course, two weeks earlier someone who hadn’t logged on for two months had turned up, looted the guild bank, said “hi i dont know any1 here so im leaving” and gquit. Turned out a guildie had sold/given away their account without bothering to warn us or leave the guild. On the whole, we’d rather have been hacked >.>
Great to know you got your stuff back!
I was hacked, the hacker also changed the password of my hotmail account then deleted my main (probably in a fit of rage; I didn’t have much gold).
Apparently he used whatever emblem of mine he could to purchase valor bracers, then DEed all my Soulbound epics.
The GMs returned EVERYTHING to me (including some greys and stuff that I had originally vendored myself) and I was left with 120 Abyss Crystals and 2 EoV Bracers and 2k more gold than I had before I was hacked.
A very stressing, yet funnily profitable ‘getting hacked’ experience.
Cassandri, I have to ask, are you using WoWMatrix? If so, I would place the blame squarely on that and not hotmail or your security question – do a google search of “wowmatrix keylogger” and you’ll find lots – the latest build of wowmatrix has even been reported to McAffee and Symentac as a keylogger. Many of my guildies got nailed by this one – if you still have it on your system, get rid of it!
@Nantosuelta I am using WowMatrix. Well I installed it many months ago and have run it to autoupdate my addons twice, I believe.
Assuming that the WowMatrix also installed some keylogging application, how can I be certain to remove that, too? Dumping the WowMatrix app into my trash bin wouldn’t fix the problem, would it? Or is WowMatrix a problem only when you actually run it (sending sensitive keylogged info to gold sellers)?
Well, one of the nasty things of the new battle.net is that many, many people use the email with which they blog or join mmo-related sites to log in with. Before the merge, everyone could have either an email adress (if they changed) or a username (if they did not). This means that people who want access to your account need 2 pieces of info to get in – username/email and password.
After the required merge, I have seen compromised accounts reach a new height. Last year one hacked account in my WoW friends’ circle, and now almost 2 per month. Why is this?
Partly due to the keyloggers, but also the required merge.
Let’s say that there is a person with a toon named Fizzle. Before the merge, her account name was Pierre (after her boyfriend) and her password something ecclectic.
After the merge, because she loved her toon Fizzle, she used her fizzle@hotmail email address, which also is the one with which she is registered on her guild site, fansites, and mmo-champion.
Anyone who wants to hack Fizzle now has 1 piece of info – her email address. Using algorythms and scripts it is possible to generate an endless stream of passwords until the account unlocks (I have no idea if an account hardlocks after X tries, however).
TL;DR: Create a special email for your account and never use it for something else, or get an authenticator. Else you are quite at risk of having your account compromised. And it sucks, believe me.
.-= Natarumah’s last blog … DPS Q&A – Bring the pain =-.