Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

*sigh* My WoW account was hijacked last night

Animalk said:
The problem is most probably a malicious script that runs hidden on a website you visited. That is by far the most common way theses "keyloggers" get your passwords. I would recommend you rethink the sites you visit and if possible, switch to firefox and install the NoScript addon. This addon will only let you turn on the scripts you want in a loaded website by right click on them and selecting so. These keyloggers like to hide the scripts in the bottom corners of a site and they size their frames to 0 or 1.

Good luck.
Click to expand...

So these scripts are able to pull a password that isnt saved on the game (eg. checkmark that says "save password" and its saved in some plist somewhere)

I guess i don't really understand how a script can run and collect a password...oh yea unless u close out safari or something completely while you are playing the game?
 
That sucks, I just password protected and encripted my airport, as soon as I did a bunch of other networks showed up with my neighbor's names :eek:.
Now my internet is much faster and I feel safer. Definitely a good thing to take a few minutes and protect your self.
 
Those people that insist on running Open Wi-Fi Routers/Connections deserve to get whatever happens to them. You are playing with fire. In this day of Identity Theft, having to shred everything that has account, SSN, etc to protect your credit. You would think that to take a simple step to encrypt your over the air-waves behavior with a one-time set it and forget it (Unless you are really paranoid) code on your WI-FI would be a no brainer. Yet, with some widgets on my dashboard I have 2 open around me now and when I travel it varies from 1 , 2 or more. So close down those Open Connections and use some simple password encryption. Just use common sense though on that. Nothing that is easily guessable and uses random character, numbers and special characters. I assure you that you will surf and sleep better at night knowing somebody else isn't abusing your account you pay for and not eyeballing your every movement. There are still ways of getting what you type but this is a big step towards prevention. This was not directed towards anybody here but a general statement. You should hear how I yell at my wife!! Now back to your regular programming!

Thanks!

Bill.......:apple:
 
What is shocking is that Blizzard knows that WoW passwords are high value, and yet why do they not use encryption to when transmitting login info to their servers? This way even if you are on an open Wifi network or if someone is packet sniffing a wired connection, no one will be able to see your password.
 
80% of the gold sold online are not from chinese farmers but from hackers that supply gold to the farmer groups in china.
 
Mine was recently hacked, too...

I just experienced a similar hack. I was playing Saturday night with my only character, a 62 blood elf hunter. I'd been working on leveling up my herbalism, alchemy, and fishing and got disconnected a couple times but thought nothing of it. I stopped playing around 11:00 pm (what can I say - I'm old), and when I checked my email the next morning I had three emails from Blizzard. The first was a notification that my WoW password had been changed, the second was a notification of a password reset, and the third was a notice that my account had been suspended for 72 hours due to unauthorized software that gave me an unfair advantage. I send them an email explaining the situation, and in the mean time started googling around to see what I could learn about WoW accounts getting hacked. I just this morning got my account re-activated and have changed my password, there there's a WoW update so I haven't been able to get into the game to see what the situation with my hunter is.

After reading the various threads about this on the WoW forums and other places I've seen repeated speculation that much of this account hacking is due to keystroke loggers. While that could be an issue for some hacking, I doubt that's what happened in my situation. Partly this is because I play WoW on a Mac, but the most compelling piece of evidence is that whoever hacked my account requested a password reset to my account. This seems odd to me for a couple reasons. First, they had already changed my password, so there would be no reason for them to reset it, especially since that reset notification gets sent to me. The more suspicious aspect of this however is that in order to request a password reset you have to know the answer to a security question. In my case, that security question was set up a couple years ago when I first created my WoW account and I have *never* used it in WoW or anywhere else. Also, that question and answer text (even just the answer text, which is exceptionally obscure) appear *nowhere* on any of my computers. This was absolutely not a case of keylogging - there has to be some other security weakness in the WoW system, perhaps akin to an SQL database issue or something, since I know other web sites have had issues with that in the past.

I see that the WoW update has just now finished, so I'm going to check on my hunter and see how bad things are, but I thought I'd share my experience as another data point.
 
You should likely get your accounts equipment restored, although I've heard in some cases gold and or common items (ore, minerals, etc.) are not always restored.

Also, keylogger links run rampant on the wow general forums and other wow related sites but with all things on the internet, common sense and general knowledge of your whereabouts are key. Clicking the "most sex girl ever" link is not going to give you the results you want. generally if a person posts a link in really poor english, don't click it :p. Also check the armory of the character who posted...if they are stripped naked...it's likely not a good sign.
 
merc669 said:
Those people that insist on running Open Wi-Fi Routers/Connections deserve to get whatever happens to them. You are playing with fire. In this day of Identity Theft, having to shred everything that has account, SSN, etc to protect your credit. You would think that to take a simple step to encrypt your over the air-waves behavior with a one-time set it and forget it (Unless you are really paranoid) code on your WI-FI would be a no brainer.
Thanks!

Bill.......:apple:
Click to expand...

I hear ya, but don't come down on folks too hard. The support line for my (not to be named...) home router manufacturer kept telling me to reduce/remove security :confused:!!! when I had real problems maintaining a wireless connection due to all the signals in my area. Now the notion of removing security just makes me upset :mad:, so I fixed the problem. However, if the average user was told to disable something, even security, by the company who made a router in order to make it work.. I'll bet it's turned off. On the other hand standard 128bit encryption can be force broken, by those that know how, in less than 3 days. Security is relative, I use to run NIDS, IDS, Port sentry, intra-network SSH using 2048bit blowfish, honey-pots, virus sweep, etc... and while I did catch and remove a hacker, it's a lot of work! So I take more reasonable steps now...

Just my 2 cents...
 
I have a great story from a friend.

His account was hijacked a years ago and he didn't bother with it because he went to Iraq with the military. His account was sold on ebay. When he got back, he reported it to blizzard and got his account back. Only now, not only was his 1 level 60 (that was cap at the time) on there, but 3 level 70s in full epic gear!

Whoever bought the account was still using it and using it a lot. He received some in game hate messages from the guy who had purchased the account on ebay saying how wrong the situation was, but he just moved all of his characters to other servers and now that is a happy ending :p
 
I got lucky!

So I got back in to my account when I got home from work and all my stuff was still there. My char was in Dire Maul, which must be where he was when the WoW bot detection gizmo figured out something was up and bumped the hacker off and locked my account. My action bars were all messed up, but I've got them pretty much back where I had them, and as far as I can tell the hacker hadn't sold any of my stuff or mailed away any of my gold. Either that or Blizzard restored all my stuff before I got back in, but from what I've heard that would be unusual.

So, at least my story has a relatively happy ending.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back