Kel, You Too.

BRK » 30 June 2008 » In Blog » 26 Comments

<– not kel

Just PFFT. Yes, another. That’s three in six days. 4:30 in the morning, but we had a certain banned-hunter online who got the account locked, so hopefully everything will be OK in time for tonight’s Mount Hyjal.

Our authenticator is on order. Do you think Blizz just gave out everybody’s password in a mass-email to create a 10-million person demand for the d@mn things?

/shiftyeyes

Comments

26 Responses to “Kel, You Too.”

  1. Londo on June 30th, 2008 7:25 am

    Hmmmm, I wonder if my RSA key from work would do the trick? :)

  2. kunukia on June 30th, 2008 8:11 am

    Just ordered mine. Anything for a bit of security, and I think $6.50 with free shipping is a bargain.

  3. Guo Si on June 30th, 2008 8:29 am

    Hi, well I know how you feel. I got keylogged yesterday as well. Been playing this game for 3 years and never any trouble. Logged on yesterday morning and found myself in a different place as where I logged off.. hands shaking, started checking and bank empty, bags empty and all my gold gone. From all 7 chars. Got a nice GM online who escalated my ticket. Characters luckily still have their mounts and armour/weapons. Formatted my comp and complete re-install to be sure. Changed my password 3 times (once because Blizz changed it).

    Today I got the standard your account is banned for 72 hours for gold selling activities e-mail. This kinda freaked me a bit. Been trying to get into contact with Blizz but no luck so far. I just hope that they closed the account to investigate and not to tell me that this is it, too bad about your gold and items…. ./hopes…

  4. Valthan on June 30th, 2008 8:45 am

    Wow… that is really horrible.

    You know what BRK, I just said that on Jacemora’s site before I came here… Blizz def just wanted to create demand.

  5. Goljen on June 30th, 2008 9:10 am

    Unlucky but i’d erm have a look at your guild site, usually the common cause with something like this :)

  6. Kelektra on June 30th, 2008 9:22 am

    excuse my french.

    F*ck*ng G*dd*mn C*cks*ck*ers

    really wasn’t how i wanted to be woken up this morning.

    Oh well, I’ve got a ticket open with a GM right now. So *crosses fingers*

  7. mwahahah on June 30th, 2008 9:34 am

    /pat
    *good luck AC*

  8. Anansi on June 30th, 2008 9:39 am

    The Authenticators sound like a great idea, it’s too bad they are only available to US WoW players. So the rest of us in non-USA can look forward to a heavy concentration of hacked accounts since we’ll be easier targets.
    I guess on the up-side there’ll be more GMs to assist us unfortunate non-Americans with our hacked accounts.

  9. Meluda on June 30th, 2008 10:00 am

    I don’t think the authenticators are for US only. In EU they’re just sold out, probably because of WWI in Paris. Also, we in Europe have a feature on the account management site to attach an authenticator to the account. So probably we’ll see them soon as well.

    Only problem I see is the batteries inside… They/it will go empty and once the power isn’t sufficient the authenticator will be out of sync with the blizz servers, and you will be unable to log in (probably just when you’re about to raid). I’ve had the same issue with the authenticator I use for my bank. After some time it didn’t work anymore, and I had to get a new one. Bank is (almost) next door, Blizz isn’t though..

  10. RabidCoqui on June 30th, 2008 10:13 am

    I’m just wondering how so many people get their accounts stolen… how are these keyloggers getting in?

    Might want to narrow down how so many from your guild are getting hit to avoid it happening again.

    And if you manage to figure it out please let us know… I’ve never really been worried about it happening to me until now.

  11. Valthan on June 30th, 2008 10:37 am

    @Meluda

    Isn’t it just a USB Key, so doesn’t it just work off of USB power?

  12. Fathgar on June 30th, 2008 10:44 am

    @Valthan

    no it is a self contained unit with a battery power source.

    @Meluda

    I have the same thing for my VPN and my battery has been going strong for over 3 years now and mine is one that displays the code all the time and cycles to a new number every 60 secs. This one that Blizz is offering (if it is not cheap, which it might be when I looked at it) displays the number when you press the button so it shouldn’t draw as much power, hence it should last longer.

  13. Eisenerz on June 30th, 2008 10:59 am

    I think the authenticator is a great idea. I am going to order mine tonight.

    Keylogging is one reason that I don’t try a lot of new add-ons anymore. I just don’t trust them all.

  14. Snark on June 30th, 2008 11:01 am

    My favorite part is how no-one but Account Administration will discuss it with you, and they have a “don’t-call-us-we’ll-call-you” policy. Very warm-fuzzy, Blizzard CS is.

    WoW must run on a DB server, however non-standard. What I don’t really understand at all is why they can’t restore hacked accounts in toto. Do they not do any sort of backups? Transaction logging? Do they have any idea what a DBM is actually supposed to do with their time?

    Do I sound bitter? Just got the email myself this morning and can’t check out anything at all until I get home this evening and do some forensics on my box. Guess I won’t know the status of my account until they contact me.

    And yeah, the timing of this mass account hijacking event is really…. interesting.

    /tinfoilhat and grrrrr

  15. Tyndil on June 30th, 2008 11:13 am

    @Eisenerz

    I use the remember account name feature, but it would only work if you had a key logger. Other malicious programs would be able to access the account name I’m sure, since it has to be stored somewhere.

  16. Itsnoteasy on June 30th, 2008 12:06 pm

    @Meluda:
    There’s this place you might have heard of. It’s called “Australia.” It turns out there’s a *whole bunch* of places that don’t fall into either “Europe” or “America;” crazy, I know! :P

    That said, I’m not terribly impressed with Blizzard right now…

  17. For the Pie on June 30th, 2008 12:12 pm

    Okay wait….

    This thing sets on your desk and does nothing until you decide you need to sign into WOW. No connection to the Blizz mothership that I can see. Yet, you push the button and get a code. 123456789 for example purpose. How does Blizz know you got that random number from your authenticator or your drug induced stupor?

  18. Nifen on June 30th, 2008 12:19 pm

    I speculate that the announcement of the authenticator and a rash of account thefts could actually be related, but not in a tinfoil hat sense. WoW account theft probably is not that similar, but in the case of credit card theft, such thieves will often sit on a stolen account for a long time before actually utilizing it for anything. It may be that the keyloggers have also been sitting on stolen accounts without plundering them. But now that their victims could potentially lock their accounts down with an authenticator, they have reason to work through their password lists and steal while the stealin’s good.

    Then again, it could just be coincidence.

  19. Mingo on June 30th, 2008 12:41 pm

    @For the Pie: In a nutshell the authenticator and a secure login server on the other end have the same key pairs, and so every X seconds/minutes a new code is generated on both ends from the key pair. When you log in the server will ask for the authentication code. Press the button on the authenticator and it will display the latest code. Enter the code and in you go.

    This login method is most likely still hackable mind you because nothing is 100% foolproof, but this is a huge step in security.

    It still doesn’t change people’s internet habits and security precautions, so people will still get hit with trojans and viruses.
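Added example, not part of the original comments and not Blizzard's code: the "same code on both ends" scheme from comment 19, sketched with the standard TOTP construction (RFC 6238) as a stand-in, since the page does not say which algorithm the authenticator uses. The secret, the 30-second step, the 8-digit length and the `server_verify` helper are assumptions; the drift window addresses the out-of-sync concern in comment 9, and the replay check shows why a keylogged code is of little use later.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid for (assumed; the page only says "every X seconds/minutes")


def totp(secret: bytes, unix_time: int, digits: int = 8, step: int = STEP) -> str:
    """Code for the time step containing unix_time (RFC 6238, HMAC-SHA1)."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def server_verify(secret, submitted, server_time, window=1, last_counter=-1,
                  digits=8, step=STEP):
    """Return the matching time-step counter, or None if the code is rejected.

    window       -- steps of token clock drift tolerated on either side
    last_counter -- newest step already used for this account (replay guard)
    """
    now = server_time // step
    for counter in range(now - window, now + window + 1):
        if counter < 0 or counter <= last_counter:
            continue  # never accept a step that was already consumed
        expected = totp(secret, counter * step, digits, step)
        if hmac.compare_digest(expected, submitted):
            return counter
    return None


if __name__ == "__main__":
    secret = b"12345678901234567890"  # constructed sample secret (RFC 6238 test key)
    server_now = 1111111111           # constructed server clock reading

    # The token holds the same secret but its clock runs 25 s slow.
    code = totp(secret, server_now - 25)
    used = server_verify(secret, code, server_now)
    print("slightly drifted token accepted at step:", used)

    # A keylogger captured that code; replaying it after use is refused.
    print("replayed code:", server_verify(secret, code, server_now, last_counter=used))

    # A token whose clock has drifted two minutes falls outside the window.
    stale = totp(secret, server_now - 120)
    print("badly drifted token:", server_verify(secret, stale, server_now))
```
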

  20. Justeroo on June 30th, 2008 1:27 pm

    Oh noes!
    Man this is just awful, I’m doing a scan when I get home.
    I don’t want all my golds gone.

    @Kel — if you’re on tonight, you’re getting a /hug

  21. Anansi on June 30th, 2008 1:34 pm

    @Meluda;

    Yes, if you go to the North American (ie USA) Blizzard store, the Authenticators are marked as Available In The US Only. Like Itsnoteasy says, there is Euro and USA availability, but places like Australia and Canada are not European nor American, so we’re pretty much screwed and left to lesser security vulnerabilities.

  22. Warpy on June 30th, 2008 1:49 pm

    Apparently, there are two new keylogger worms, Taterf and Frethog, that have spread like wildfire recently, infecting millions of machines worldwide. China got hit considerably harder than the rest of us. There’s an article on WoWInsider (and a helpful link to the Microsoft article), but I don’t think I can link to them from here.

  23. yunk on June 30th, 2008 3:19 pm

    I would agree to look at your guild site. Shut down your forums and only post announcements while cleansing it, look at every plugin used in the site. There have been cases of popular forum software plugins doing things.

  24. Thori'dal on June 30th, 2008 3:54 pm

    So there I was logging into my last known location… Shat

    Suddenly the splash screen was different.
    “I didn’t log off when in an instance”

    Logs in and I am sitting outside Gruul’s Lair.
    “Hmm.. I guess I forgot to stone the other night.”

    Clicked on my Hearth Stone on my toolbar. Poof I was in Shat.

    Went over to check my mail.

    There it was: 50 of 50 new mailbox items.

    WoW.. someone sent me Gold? Did I promise to make them something? WTF? I don’t remember. I collect the 478 gold and whisper the toon in game.

    Toon is not on of course. So I quickly type up a new mail to the toon that sent me the gold and ask what I was supposed to send him for the gold? …..

    I open the next mail… more gold, different toon. WoW ??

    I do not take the gold and start going through the mail.

    All these toons sending me gold? I was like holy frik!!!

    I knew right then that I was the recipient of a huge amount of gold.. I added it up in my head without collecting and it was well over 43,000.

    So now what do I do? Naturally… I called a GM

  25. yunk on June 30th, 2008 4:19 pm

    I meant “I agree [with the suggestion] that you should look at your guild site” not “i would agree to look” since I can’t look I am not a security expert.
    wtb english skillz

  26. The Wild One on June 30th, 2008 6:40 pm

    I’ll be honest, after getting hacked once, that was enough. I created an Excel spreadsheet that creates random passwords using ALL of the characters Blizz allows. They’re impossible to remember, of course, but they’re the most secure passwords I can make with what’s available.

    I fully intend to get an authenticator, though. There’s been too much hacking going lately to not take the precaution.