WoW Account Hacked… Officially No Longer News

I know maybe 20 people who both play World of Warcraft and who would bother to let me know if their account had been hacked.

And 20 might be stretching it.  A dozen might be closer to the mark.

But let’s call it 20, because I know it is more than 10 and 20 is a nice round number.

And as of this week, five of them have had their accounts hacked.

I received an email from a friend with this screen shot attached.

Account Disabled

That was Tuesday.

I figured that it was maintenance day, maybe that was the cause.  Strange things happen on Tuesdays.

After all, this friend of mine works in a security conscious industry, uses strong passwords, and plays WoW on a Mac.  An unlikely candidate for this sort of thing, right?

But no.  After getting in touch with Blizzard support, it turned out that his account had been hacked.

The usual routine.  Characters stripped or deleted.  I didn’t ask if there was a guild bank involved.

He now has the Blizzard Authenticator app on his iPhone, so he is better protected.  There shouldn’t be a “next time” in any case.

But having something like 25% of the people you play WoW with get their accounts hacked moves this sort of thing from a rare and tragic event to something akin to, say, losing a cell phone.  It is inconvenient, but it happens all the time.  It ceases to be newsworthy.

I would like to know how so many accounts get hacked.  That would be worthy of a post.

17 thoughts on “WoW Account Hacked… Officially No Longer News

  1. Chris

    I just don’t get how a company charging $15/month thinks not ensuring its customers’ security is a good thing.

    But, hey, keep on paying it.

    Like

  2. Thomas

    The hackers never seem to give up. I now get at least 2 emails a day in my spam folder claiming to be from Blizzard account recovery.

    Like

  3. jericho

    Only 2? I get about 12-15 every 2-3 days in my “Blizzard Spam” folder. I haven’t received an authentic Blizzard email in a very long time.

    Authenticator should come with every Cataclysm box.

    Like

  4. KiTA

    Hearing that this is happening due to a bug in flash. You view the banner ad (that appears in line on webpages) and whammo, you get a keylogger installed. Don’t have to click on anything or even go to a phishing site, and since they’re going through legit ad services, it’s not a specific website or whatnot that will get you infected. Same as that “Antivirus 2010” crap that appears every so often.

    Like

  5. Bhagpuss

    I had my first ever WoW phishing emaill this week. Horribly mispelled. I almost never get spam so it was a bit of a surprise.

    I haven’t attempted to log into my WoW account since I unsubscribed almost a year ago and probably never will now. I don’t think I’ll be buying Cataclysm now that there’s EQ2x, Free LotRO, DDO, Zentia, EQ’s Housing expansion, EQ2’s Velious expansion and several very interesting betas to occupy me between here and when all the big, really exciting games launch next year.

    It’s probably a moot point anyway, though. I pretty much expect that if I did ever log into WoW again all my characters would be gone, so should the urge to try Cataclysm take me I’ll probably just start a new account and begin from scratch. Since I’d be playing a Goblin, I pretty much would be doing that anyway.

    In fact, as time goes on I feel more and more inclined, when returning to old MMOs, just to start over. I just did it in Guild Wars and I think I am enjoying it far more than if I’d fired up my old, levelled-up characters.

    Like

  6. Drew Shiel

    A major Irish bulletin board (boards.ie) was hacked earlier this year, in such a manner that passwords were compromised. Since then, anyone who was using the same username/password combination for that board and WoW – which is a considerable number of people – has been hacked.

    I’m among these, and annoyingly, at the time of the hack, my passwords were different. Later, however, I had to change my WoW password for some reason – I think it might have been the battle.net thing – and unthinkingly, I changed it to the same old password as the bulletin board. Within days, the account had been hacked, characters deleted, stripped of all gold and valuables, etc.

    It’s now at the stage, essentially, where, when a hacker (for which read organised crime, rather than kid in basement) gets a username/password combination, WoW is one of the things they’ll try it on. It’s easy money if it works, and no loss if it doesn’t.

    Like

  7. nty

    my wife got hacked today with a keylogger, and we are computer saavy people. they don’t necessarily have the ability to change your PW and spend tons of time stripping your characters but they do get a chance to buy primordial saronites and send all your gold to a third party.

    it only takes a couple of seconds to steal 20,000g and an authenticator is not guaranteed security.

    Like

  8. Ysharros

    Wow. Another reason, I suppose, that if I ever do try out Cataclysm I’ll probably do it with a new account. If my old account has been hacked (not that there’s actually anything worthwhile on it) I don’t think I want to know.

    Like

  9. mbp

    Ouch Drew. I have a Boards account and I remember getting emails at the time they got hacked advising me to change my passwords. I just ignored it because I wasn’t very active on Boards and I didn’t think it was a big deal. I didn’t think of the consequences for other websites. Happily I don’t use that login for any important (read money related) stuff. I will sure be less complacent about re-using passwords in future.

    Like

  10. Peter

    Been playing four years an no phishing emails…blizz does thoer job, they aren’t being hacked, you are.

    Like

  11. Chris

    The authenticator is a step in the right direction, and yes, the authenticator is very cheap, but shipping it anywhere outside the US is NOT cheap, and is the main reason why I have not bought one yet. Shipping to Australia adds 400% or more (if I remember correctly) to the cost of an authenticator.

    Like

  12. Piacenza

    Chris – so if an authenticator costs, say, 6.50, a 400% increase would make one cost about $33. Sucks, I agree, but still – I would pay a one-time fee of $32 to secure something I thought was valuable and vulnerable.

    Get the free version. Oh I think I remember you- there is no free phone version compatible with your cellphone. Better yet, get a friend in the US to buy one and send it to you – looking over at the USPS website, it costs $5.64 to mail a 6-oz first class parcel to Australia.

    Like

  13. Ngita

    Your security conscious mac friend? My far the greatest odds are he either clicked on phishing email and attempted to log on using his details or had a shared username/password with something that was hacked.

    Personally I shifted mine to a dedicated email when Battle.net was introduced. My old account? now gets quite a bit of spam. But even the best of it and some looks very good. I know its fake due the wrong emaill address.

    Like

  14. Loredena

    The thing I don’t get is why no one blinks twice at the suggestion that they pay to secure their account — I especially giggle at the ones who say this to people whose account was cancelled two years ago, decided on a whim to reactivate, and discovered that at some point in those two years it was hacked… The authenticator should be included in the box for all new accounts, and Blizzard should send one gratis to anyone with an existing account. It would actually save Blizzard money in CS costs in the long run.

    Like

  15. Xyd

    @Ngita – I assure you there was no phishing email clicked and the password was Wop4$toT#g0z. The email attached to the WoW accoun isn’t dedicated but it has an equally secure password. I never – ever – click a link in an email even if it’s from friends and my home network is protected by a Juniper SSG5 firewall. I’m beyond security “conscious”, I’m security paranoid.

    I am a bit confused and maybe a bit concerned though. Blizz never sent a single email that the account was compromised or disabled. I only found out by logging in.

    .xyd

    Like

Voice your opinion... but be nice about it...

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s