Hacked

Falcon.ie

Right, I logged onto one of my accounts( I have 2) and I apparently interrupted a hacker cleaning out the contents of the account. He tried logging me back out but I relogged guessing something was up. I immediately changed the password on the account and sent a GM off a ticket.

He wiped clean a 70 shammy and all his bags/items/gear(that was vendor-able), a 63 Hunter totally everything bar the Heirlooms. He was either on my 80 DK or was about to clean him out as everything is gone from his bags along with 5 daily withdrawals from the guild bank and his bank BUT he still has all of his main gear on him, none of it touched. The odd thing is the withdraws from the guild bank on my lower char's were done only 2 hours ago now, whereas the 80 DK was 3 hours ago, yet I've still got his bags+gear. Lucky or a nice Hacker?

Anyway I got this email

From: <img id="P___1181654832" webimdisplaystyle="inline" style="display: none;"> WoWAccountAdmin@blizzard.com (WoWAccountAdmin@blizzard.com) Sent: 15 January 2010 02:42:58 To: ******************** World of Warcraft -> Legal -> End User License Agreement

and Section 8 of the Terms of Use:

Blizzard Entertainment -> Legal -> Terms of Use

A 3-hour probationary suspension is pending on this account, awaiting confirmation from a specialist. A final warning has been issued. The investigation will be continued by the Account Administration team to determine the any further suspensions. If the account in question is found in violation of the EULA and Terms of Use, further action will be taken. Be aware that any additional inappropriate actions may result in the permanent closure of the account.

Thank you for respecting our position on this matter.

==================================================================================================================
** We request that you verify your legitimate ownership of the account here:

http://www.worldofwarcraft-security-account.com
Blizzard staff will verify your account information submitted in two days, please do not modify your account information during this time . It will not affect your game uptime.
If you are unable to successfully verify your password .
using the automated system, please contact Billing & Account Services at 1-800-59-BLIZZARD (1-800-592-5499) Mon-Fri, 8am-8pm Pacific Time or at billing@blizzard.com. Account security is solely the responsibility of the account holder. Please be advised that in the event of a compromised account, Blizzard representatives typically must lock the account. In these cases the Account Administration team will require faxed receipt of ID materials before releasing the account for play.
Regards,
The World of Warcraft Support Team Blizzard Entertainment

I am wondering if its real? And also whats the best way of getting my stuff back? Open a ticket I suppose?

Cheers for any help guys.

Overheal

Dont trust that Site.

The login forms (username and password) are skewed from the background on my screen. The background image is distorted/off center. Basically, its a bad attempt at mimicking the battle.net/warcraft login screen that doesnt seem to be taking into account Widescreen Resolutions you may also notice the alternative language bars (spanish etc.) dont do horseplop. The website does not supply identity information to browser, does not list a Secure, or anything. Flag after Flag.

DO NOT ENTER YOUR ACCOUNT DETAILS UNTIL YOU HAVE SPOKEN OVER THE TELEPHONE WITH BLIZZARD DIRECTLY USING THE PHONE NUMBER PROVIDED ON YOUR GAME MANUAL.

Norton Community Watch also Lists (listed, before I reported it) the site as Unrated. Which for such a big thing as WoW, can only mean Unofficial Site.

Falcon.ie

A quick edit to that I checked the DK again and he's missing his proper shoulders/Gloves/Belt, everything else is fine. I only noticed since my gearscore had dropped below 5k. They've been replaced with some random PvP stuff. ****ing sickned now I must say.

Overheal

Well Call them up straightaway and get the Account Suspended immediately.

Overheal

Account Compromise Information Center

][cEMAN**

It's a fake. You can tell just by looking at the website. You have subdomains in a website of warcraft.com, but no hyphens "-".

I'd also say as it's a european account they wouldn't send you the american number, but rather give you a european contact - probably the paris or cork callcentre?

Seems the person you kicked out wants back in. But you could use this website as a way to find out who's doing it. It has to be registered to someone.

The Data in Paycenter's WHOIS database is provided by Paycenter
for information purposes, and to assist persons in obtaining
information about or related to a domain name registration record.
Paycenter does not guarantee its accuracy. By submitting
a WHOIS query, you agree that you will use this Data only
for lawful purposes and that,
under no circumstances will you use this Data to:
(1) allow, enable, or otherwise support the transmission
of mass unsolicited, commercial advertising or solicitations
via e-mail (spam); or
(2) enable high volume, automated, electronic processes that
apply to Paycenter or its systems.
Paycenter reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by this policy.

Domain Name : worldofwarcraft-security-account.com
PunnyCode : WORLDOFWARCRAFT-SECURITY-ACCOUNT.COM
Creation Date : 2010-01-14 22:50:39
Updated Date : 2010-01-14 22:50:39
Expiration Date : 2011-01-14 22:50:36


Registrant:
Organization : Li Dong
Name : Li Dong
Address : zhe jiang li shui
City : ZhengZhou
Province/State : Henan
Country : CN
Postal Code : 321400

Administrative Contact:
Name : Li Dong
Organization : Li Dong
Address : zhe jiang li shui
City : ZhengZhou
Province/State : Henan
Country : CN
Postal Code : 321400
Phone Number : 86-0578-3121563
Fax : 86-0578-3121563
Email : rlrg@163.com

Technical Contact:
Name : Li Dong
Organization : Li Dong
Address : zhe jiang li shui
City : ZhengZhou
Province/State : Henan
Country : CN
Postal Code : 321400
Phone Number : 86-0578-3121563
Fax : 86-0578-3121563
Email : rlrg@163.com

Billing Contact:
Name : Li Dong
Organization : Li Dong
Address : zhe jiang li shui
City : ZhengZhou
Province/State : Henan
Country : CN
Postal Code : 321400
Phone Number : 86-0578-3121563
Fax : 86-0578-3121563
Email : rlrg@163.com

The previous information has been obtained either directly from the registrant or a registrar of the domain name other than Network Solutions. Network Solutions, therefore, does not guarantee its accuracy or completeness.

Show underlying registry data for this record


Current Registrar: XIN NET TECHNOLOGY CORPORATION
IP Address: 61.75.62.129 (ARIN & RIPE IP search)
IP Location: KR(KOREA)-REPUBLIC OF-CHOLLA-BUKTO
Lock Status: ok
DMOZ no listings
Y! Directory: see listings
Data as of: 23-Apr-2008

Hello mr dong...

Now if I were a bad person, and wanted to get my own back, i'd probably find out if there's someone who can do a better job of getting into someone's system than he did. But i'm not a bad person and thoughts of doing such a thing would be wrong....wrong....but fun

Alternatively, you could call him and ask him nicely to stop

fuelinjection

Falcon.ie wrote: »

I am wondering if its real? And also whats the best way of getting my stuff back? Open a ticket I suppose?
Cheers for any help guys.

I had the same problem about 4 months ago and it was my only time to happen, all my gear and gold was gone. My character was somewhere new I had never been and the thief had changed my characters image/haircut as well. He was just mining for gold.

Contacted Warcraft by email on their website and explained the problem and asked if they could recover my lost gold and items.

Was about 4 days waiting and a fews emails back and forth just to make sure I was who I said I was.
Got 99% of the stuff back ... nice one Blizzard.

And to the muppet who wasted 4 days levelling/mining my stolen character - haha !!!! :pac::pac:


p.s. get spyware & malware protection and a good anti-virus and firewall and scan every few days. Thats how they got my password.

pwd

He probably thought you'd notice faster if your highest level character was interfered with

Overheal

p.s. get spyware & malware protection and a good anti-virus and firewall and scan every few days. Thats how they got my password.

You can also go grab an Authenticator Keychain, theyre cheap you get a pet and its an excellent safeguard. Once its paired with your account, it and your account share the same encryption key and after that it just spits out limitless numbers of random generated auth codes. Even if there was a keylogger on the machine the code is never the same twice.

Saw a Core Hound in IF last night, theyre pretty neat.

HereticPrincess

Yeah they wouldn't ask for your password through e-mail.
Don't reply to that.

Someone in my guild was hacked lastnight,
Got their character stripped, made a go at the guild bank.

Time to get myself an authenticator to be on the safe side I think.

TechnoPool

][cEMAN**

Actually the EU version is just eu.wowarmory.com

wowarmory.com is the US version, and you won't find your characters there (unless you have a US account).

Nehaxak

That's sad man
They're dirty little feckers when they get in your account.
The Authenticator is the only way to stop it happening and to be sure to be sure of your security.
If you've an iphone/itouch or access to one from one of your family, get the authenticator added to your account from it straight away. At least then you can login to your account now, report the problem to the GM's and hopefully one of them will respond when you're online and talk to you directly.

Could well be that your email account is compromised also, so think about changing it's details too.

Get the trial version of Nod32 or Avira and install on your computer to do a full scan before you go changing passwords and such though, in case you are still keylogged.

fuelinjection

Reading this again in I decided to buy one of those Authenticators from Bizzard store.
You don't have to pay any postal fee and they are only 8 Euro. These hackers seem to be getting more crafty so it is peace of mind for very little.

me-skywalker

General Info
Web Site Location Republic Of Korea


doen my research there dnt fckign trust it them bstards!

Falcon.ie

The update is anyway that I opened a ticket in game and talked to GM about it, surprisingly the ticket was dealt within 3hours. Got an in game mail shortly after saying that my problem was passed onto a specialist team and they believed that I was the victim of a keylogger somewhere along the line etc etc. So I can hopefully expect my items/gear etc back in the next "several days".

Happy out to be honest. It's pretty much stopped me from doing anything on that account for the last few days.

Nick_oliveri

Upon changing my account to a Battlenet one I found it weird that once I changed the actual Email address my account would be "filed" under I noticed that there was no verification email sent to my old email address confirming the change. Now that is a security hole (or chasm!). Fair enough, I've had no problems.

Mate of mine tried to login to his old account after I annoyed him about it, only to find out that someone had signed his account to a battlenet one and took control of it! Blizzard then informed him that he had to prove ownership of the account and that they didn't have his old email address stored in their database.

Bit stupid having no verification email sent to your old address, even boards has that I'm sure. Leaving holes like that and then selling hardware authenticators? Hmmm...

Finch*

being internetless at home i have considered net cafes for my fix, but obviously i'm worried about my account being hacked from dodgy pc's

if i get an authenticator and use it in a cafe would that mean i'd be okay?

also does anyone know any net cafes in dublin that would be good for wowing? i know there's one across the ha'penny bridge that has wow on the machines but i'm just not sure about it

Anti

with the authenticator you should be fine as you have to enter the code every time you log in. But that dosen't stop them getting your account name and password if the machine has any keyloggers on them.

Falcon.ie

Still waiting on a reply ingame...This is driving me mad, down almost 16k and just messing about on my Pally until its been resolved...Come on Blizzard!

gino85

' wrote:

[cEMAN**;64023246']Actually the EU version is just eu.wowarmory.com

wowarmory.com is the US version, and you won't find your characters there (unless you have a US account).

theres a link at the top of the us site to bring u to the eu site

Uttik

Falcon.ie wrote: »

Still waiting on a reply ingame...This is driving me mad, down almost 16k and just messing about on my Pally until its been resolved...Come on Blizzard!

I feel your pain.

After 6 year playing, I just got hacked.

Its a sick feeling. But lets see how it plays out,

The funny thing is, This could all be stopped If blizzard made the auth key cheaper and easier to get!

Companion box

Easier to get? its available on the eu online store for 7 euro, and as a mobile app for almost every single mobile phone and carrier in ireland for 50 cent.

mobile.blizzard.com

The only way i see them making it easier is by automatically throwing one at your head every time you think about protecting your account.

Uttik

Companion box wrote: »

Easier to get? its available on the eu online store for 7 euro, and as a mobile app for almost every single mobile phone and carrier in ireland for 50 cent.

mobile.blizzard.com

The only way i see them making it easier is by automatically throwing one at your head every time you think about protecting your account.

I bought it, But it will not work on my blackberry even tho, It said it would.

So shh!!

tman

r3nm0r3RASCAL permabanned for their posts last night. Apologies for anybody who had to see that...

/edit
They've been sitebanned now anyway, so never mind

2 Espressi

Mobile jobbie looks good though. My phone's not listed, so I'll wait for the fob, ordered it a few weeks ago, but I hear there's a 6 weeks turnaround for them.

StinkyMunkey

Tbh you should not have to pay for added security. The fact we pay a sub every month means they should be bending over backwards to provide one free.

Uttik

StinkyMunkey wrote: »

Tbh you should not have to pay for added security. The fact we pay a sub every month means they should be bending over backwards to provide one free.

That was my point!

Kiith

In Blizzards defense, its not their fault people are getting hacked. The majority of people being hacked simply dont know how to protect their system properly. I keep my system clean, dont click on links im not sure about, and am generally wary of anything sent/linked in forums. 5+ years and never been hacked.

It might also be cause I never have any gold :P

me-skywalker

I relogged after few month break myself... had a thread on it.. but I never got ANY reply of blizzard! I emailed them through their security breach forums with all the right info and ive since buffed my security upto the hilt since I have other self-copyrighted material I dont want robbed, and never ever got one responce form them or a GM ingame. Funny thing is I had a Guild about few years ago that had to hcange the name because it was too sensitive and they were on our case within hours, and issuing reminders before they set one themselves!

An ireland direct line is serisouly needed badly!

Uttik

Kiith wrote: »

In Blizzards defense, its not their fault people are getting hacked. The majority of people being hacked simply dont know how to protect their system properly. I keep my system clean, dont click on links im not sure about, and am generally wary of anything sent/linked in forums. 5+ years and never been hacked.

It might also be cause I never have any gold :P

Oh Don't even go there.

I have been playing 6 year, since closed beta US, This is the first time i got hacked.


My PC is cleaned everyday,

I use one PC for gaming and one for checking the net.
I have live monitoring on my server watching my network.

So again, Dont go there.

I am still unsure how the feck i was hacked.

Nehaxak

Uttik wrote: »

I am still unsure how the feck i was hacked.

Uninstall Internet Explorer from your system for a start

Didn't you login and play on your server for a few days when your pump went bust ? Are you sure your server was 100% secure, no virus, no malware ?

Just throwing some options out there.

I was 100% sure my system was perfectly fine when I was hacked a while back, I'm still of the belief my actual email account was hacked via the server I was hosting it on and they used access to that to request a new password and get in to my account.
Reason I think that is because when I logged in and was chatting with a GM about being hacked, I got an email giving a link to reset my password from Blizzard, confirmed with the GM that it was the case also, so did indeed look like they had changed my password through the request option from Blizzard.

If that makes sense hard to explain but an easy uneventfull hack of sorts to do that doesn't require a virus on the persons computer, just access to their email held online (google, whatever).

In essence, change your email passwords and if you have hosting that your email is being served from, change those passwords too. It might not have been your computer being infected at all.

Oh and yeah, uninstall Internet Explorer.

Overheal

In fairness Blizzard goes pretty beyond the realm of normal to keep accounts secure. But shipping 11 million authenticators out is neither practical or warranted.

They've set up a new security page on the main website discussing potential warcraft vulnerabilities, including the use of gold and power leveling services. Gold services because when they look up the transaction history, the funny Gold is almost in all cases traced back to hacked player accounts.

Uttik

Nehaxak wrote: »

Uninstall Internet Explorer from your system for a start

Didn't you login and play on your server for a few days when your pump went bust ? Are you sure your server was 100% secure, no virus, no malware ?

Just throwing some options out there.

I was 100% sure my system was perfectly fine when I was hacked a while back, I'm still of the belief my actual email account was hacked via the server I was hosting it on and they used access to that to request a new password and get in to my account.
Reason I think that is because when I logged in and was chatting with a GM about being hacked, I got an email giving a link to reset my password from Blizzard, confirmed with the GM that it was the case also, so did indeed look like they had changed my password through the request option from Blizzard.

If that makes sense hard to explain but an easy uneventfull hack of sorts to do that doesn't require a virus on the persons computer, just access to their email held online (google, whatever).

In essence, change your email passwords and if you have hosting that your email is being served from, change those passwords too. It might not have been your computer being infected at all.

Oh and yeah, uninstall Internet Explorer.

after i do a format, I have my own check list

IE is the first to go.

As for my server, its updated daily, And i clean my network daily. I did two scans suits today, Using 4 programs to make sure.

And as you say it, I think it was my email account they got, As i had 4 password requests.

I use 16 digits in my passwords Upper and lower case letters and numbers. So they are not easy to get.

Its not my first time on the block

As i said i have been playing 6 year, This is the first time i got hacked. And it will be my last.

But i would love to know how they did it.

Blowfish

Overheal wrote: »

In fairness Blizzard goes pretty beyond the realm of normal to keep accounts secure. But shipping 11 million authenticators out is neither practical or warranted.

tbh though it wouldn't suprise me in the least if they are planning on including a free authenticator in the box with their next MMO. The amount it'd cost to mass produce them is probably less than the amount it costs in support etc. to restore accounts/track down gold sellers.

Uttik

Blowfish wrote: »

tbh though it wouldn't suprise me in the least if they are planning on including a free authenticator in the box with their next MMO. The amount it'd cost to mass produce them is probably less than the amount it costs in support etc. to restore accounts/track down gold sellers.

You are correct here mate,

The man power/Time they are spending, On looking in to hacked accounts and restoring items is a big drain on them.

me-skywalker

thinking about this now ive used this website offgamers.com to buy a wow sub card. as I dont have a CC and it was middle of the night when my accoutn expired I needed to get in quikc so I used this site and back end of last year.

They accept Irish Laser and send you and email with a link in it, then you click on that link and it brings you to another page with the sub code.

This is where I might have got hacked from this year when I eventually relogged!!

Overheal

It would be a cool move to include the authenticators in new box sets alright. Either new Battlechests or the Expansion kits.

][cEMAN**

There aren't 11 million current subs going. They give out free month subs to people coming back to the game. They could easily take 1 month sub €10 or so, and justify that cost against an authenticator. The authenticator costs less than a 1 month sub.

The biggest issue they'd have after that would be finding a place to store all the closed hack cases.

Nehaxak

Install a copy of Secunia PSI on your computer and do a full scan, I bet people would be surprised at the amount of insecure software they have installed with known exploits.

http://secunia.com/vulnerability_scanning/personal/

Couldn't recommend it highly enough. It's not a virus scanner, it just scans your computer for unpatched and insecure programmes.