Blizzard account hacked for the 6th time

[TriGGeR_HaPPy]

Battle.net Authenticator

This.
Seriously, get it. It solves all these silly problems straight away.

Just registered for it, haven't used it yet - but I'm assuming everytime I want to play Starcraft now I am going to get a text with some Captcha numbers to fillin to my login?

Something like that, yeah.
Each time you want to log in, it asks for your username and password like normal, as well as the authenticator key too. You look at your authenticator, which creates a new series of numbers and letters every 20 or 30 seconds which you enter at login time. Without your authenticator, other people can't really guess your authenticator key at all, and hence can't log in to your account. ^_^

(I'm not sure if you need to sign it up for both your WoW and Starcraft account seperately, or whether once you sign up for using it you then have it linked to all your Battle.net accounts at once... I only ever used it for WoW, back when I still played.)

 

[winter2]

This makes me very angry at Blizzard for allowing this to happen - would they not have the ability to detect when my account is being accessed from another city/state/country?

I'm sorry but why are you angry at them and not yourself? If I'm mistaken about this I apologize but I'm imagining your account was hacked through some fault of your own such as playing on a non-secure system or responding to a phishing attempt.

I've never had an account, WoW or any other hacked (except my PSN, which happened to every single user so I don't count that) because I make sure the systems I play on are secure and I have common sense enough to know when someone is trying to phish for my account information.

Your right, I am probably lashing out in anger, I haven't seen any sort of IP blocker option and my password was "two random words + my social security number + my birthday" so if that's not enough, we're all screwed, my password was 33 characters long.

Wait what....

You used your SOCIAL SECURITY NUMBER in your password??? AND add to that your birthday????

What the hell??

So not only did you get phished or keylogged.. but said "hackers" also know your Social security and birthday??

I am hoping for your own sake you are trolling now.

This is exactly what I am saying, the exact format of my password was as follows: XXXXXXXXXXXXXXXXXXXX#############

So, defense mode =

1) 33 character password with letters and numbers
2) Antivirus/spam/spyware up-to-date
3) Firewall
4) No Keyloggers
5) Windows completely updated
6) WEP2 Encrypted network

.....if that's not enough then what is.

All a hacker has to do is plug in my email and click a button, I am a Computer Programmer, I know how computers work, "Hacking" is usually little more than downloading a free application on the internet and supplying an email address for it to then go brute force it's way into your private information.

Ok.. I'll bite.

Random letters and capitalization.
Random numbers.

As a computer programmer I am confident that you can agree that that plan is certainly better than yours from a security perspective.

I'm just so flabbergasted over this that I'm not sure what to even say. Like what are you going to do once you discover that your personal information is in use? Blame the banks and credit card companies?

I'll just repeat myself and say that I hope for your own sake that you are trolling.

 

[gideonkain]

Ya, I realized random characters and capitalization would be more secure, but basically we can take it to the point where it's impossible to remember and it's on a sticky note hanging off my monitor...I figured the shear size of the password would be enough...I mean, they guessed 14 numerals in a row correctly, doesn't seem like it would really studder on capitalizations....as a computer programmer, you know .toUpper and .toLower checks can be implemented in all of 30 seconds.

EDIT:
As far as worried about my banks and such, I have money in multiple accounts and a $250 lockout on it, if I spend more than that in a day, it locks the account.

I changed my Battle.net password and now I see that it was only my B-day, my Email actually had my social security number, but I JUST changed that do to this discussion.

 

[TriGGeR_HaPPy]

Ok.. I'll bite.

Random letters and capitalization.
Random numbers.

I hope you're not suggesting that for a password... Otherwise, as a fellow computer programmer I feel compelled to show you this,
http://imgs.xkcd.com/comics/password_strength.png

 

[winter2]

Ok.. I'll bite.

Random letters and capitalization.
Random numbers.

I hope you're not suggesting that for a password... Otherwise, as a fellow computer programmer I feel compelled to show you this,
http://imgs.xkcd.com/comics/password_strength.png

So using your social security number and birthday is better then.. Ok..

I'm just gonna move on from this.

 

[kotorfan04]

I have no idea? Maybe hope for the best? Learn from this and move on?

 

[TriGGeR_HaPPy]

Ok.. I'll bite.

Random letters and capitalization.
Random numbers.

I hope you're not suggesting that for a password... Otherwise, as a fellow computer programmer I feel compelled to show you this,
http://imgs.xkcd.com/comics/password_strength.png

So using your social security number and birthday is better then.. Ok..

I'm just gonna move on from this.

No, no, that's... not even close to what I said at all...
I... I didn't suggest that, did I?
If I did, I sincerely apologise, but I really don't know where you got that from. :S

 

[Keava]

Ok.. I'll bite.

Random letters and capitalization.
Random numbers.

As a computer programmer I am confident that you can agree that that plan is certainly better than yours from a security perspective.

I'm just so flabbergasted over this that I'm not sure what to even say. Like what are you going to do once you discover that your personal information is in use? Blame the banks and credit card companies?

I'll just repeat myself and say that I hope for your own sake that you are trolling.

Let me just direct You to something that might actually make You review Your view on mixed capitalization and general randomness

Spoiler

Still, majority of hacking attacks involve obtaining the password unencrypted password using social engineering (eg. phishing e-mails) or keylogers.

 

[Baldr]

Yes, that's right - this is the sixth time now I've gotten an email saying that mt password reset has been sent - I went to the World of Warcraft website to see and it turns out that the account I was on that I stopped playing WoW with 2 years ago now has gained 2 levels on my Paladin, 55 levels on my Black Knight and created a troll hunter when I only ever played Alliance.

The only reason I was able to discover my account was hacked? Because I tried to play a game of Starcraft II and couldn't log on.

So basically for months now somebody has been playing WoW for free using my account information.

This makes me very angry at Blizzard for allowing this to happen - would they not have the ability to detect when my account is being accessed from another city/state/country?

Steam doesn't let me log on to with with another computer in my own house and yet Battle.Net will allow a hacker to use my account for months.

I know Blizzard will lock account any almost any change in IP, I had this happen the other day, I was login at a friends house(same city), on an IP I had played before and they still locked my account. You must have a keylogger who knows your security question.

 

[gideonkain]

TriGGeR_HaPPy, that's awesome.
I will now use that method in the future, luckily it wasn't my SSN that was cracked, just 2 random words and my birthday, but because it happened I changed my email password which WAS my SSN - so maybe all this was a blessing in disguise

 

[Xanthious]

1) 33 character password with letters and numbers

Smells like troll in here fellas. Bnet passwords have a maximum length of 16 characters. OP is either a liar or an idiot (likely both). Nothing to see here move along.

 

[winter2]

Ok.. I'll bite.

Random letters and capitalization.
Random numbers.

As a computer programmer I am confident that you can agree that that plan is certainly better than yours from a security perspective.

I'm just so flabbergasted over this that I'm not sure what to even say. Like what are you going to do once you discover that your personal information is in use? Blame the banks and credit card companies?

I'll just repeat myself and say that I hope for your own sake that you are trolling.

Let me just direct You to something that might actually make You review Your view on mixed capitalization and general randomness

Spoiler

Still, majority of hacking attacks involve obtaining the password unencrypted password using social engineering (eg. phishing e-mails) or keylogers.

Sigh.. ok..

* rubs nose *

My.
point.
was.
that.
is.
certainly.
better.
than.
his.
plan.

And nowhere, nowhere.. I repeat nowhere did I state that I would recommend that as a method. For example, mine is different, but may or may not include random letters or capitalization.

Sheesh.

 

[Lyri]

Yes, that's right - this is the sixth time now I've gotten an email saying that mt password reset has been sent - I went to the World of Warcraft website to see and it turns out that the account I was on that I stopped playing WoW with 2 years ago now has gained 2 levels on my Paladin, 55 levels on my Black Knight and created a troll hunter when I only ever played Alliance.

The only reason I was able to discover my account was hacked? Because I tried to play a game of Starcraft II and couldn't log on.

So basically for months now somebody has been playing WoW for free using my account information.

This makes me very angry at Blizzard for allowing this to happen - would they not have the ability to detect when my account is being accessed from another city/state/country?

Steam doesn't let me log on to with with another computer in my own house and yet Battle.Net will allow a hacker to use my account for months.

6 times and you're STILL blaming the company?

How naive can you possibly be honestly, you need a better password, scan your computer for keyloggers and get an authenticator or delete your account.
That's ridiculous.

I've played the same length of time as you, haven't been hacked once.

 

[gideonkain]

Yes, that's right - this is the sixth time now I've gotten an email saying that mt password reset has been sent - I went to the World of Warcraft website to see and it turns out that the account I was on that I stopped playing WoW with 2 years ago now has gained 2 levels on my Paladin, 55 levels on my Black Knight and created a troll hunter when I only ever played Alliance.

The only reason I was able to discover my account was hacked? Because I tried to play a game of Starcraft II and couldn't log on.

So basically for months now somebody has been playing WoW for free using my account information.

This makes me very angry at Blizzard for allowing this to happen - would they not have the ability to detect when my account is being accessed from another city/state/country?

Steam doesn't let me log on to with with another computer in my own house and yet Battle.Net will allow a hacker to use my account for months.

I know Blizzard will lock account any almost any change in IP, I had this happen the other day, I was login at a friends house(same city), on an IP I had played before and they still locked my account. You must have a keylogger who knows your security question.

Haven't had any IP blocking ever, I have had my account suspended for "change in play activity"...i.e. I wasn't playing for weeks at atime then I suddenly wanted to log back in.

It's hard to follow the paper trail, but it looks like these hacker-made characters were created before I even bought Starcraft II....so in the span between Lich King and Starcraft 2 launch is when all this happened, and then my WoW account was suspended for invetigation for like 90 days or something, but that never affected my ability to play Starcraft 2, and I only now just got an email saying that all my gold and crap has been restored (in a game I haven't played in years)

 

[TriGGeR_HaPPy]

*snip*

Apologies... I appear to have become a bit of a ninja.

TriGGeR_HaPPy, that's awesome.
I will now use that method in the future, luckily it wasn't my SSN that was cracked, just 2 random words and my birthday, but because it happened I changed my email password which WAS my SSN - so maybe all this was a blessing in disguise

Hehe, exactly, just learn from this experience, and hopefully nothing really bad comes of this.

 

[gideonkain]

1) 33 character password with letters and numbers

Smells like troll in here fellas. Bnet passwords have a maximum length of 16 characters. OP is either a liar or an idiot (likely both). Nothing to see here move along.

or you could have looked at the exact previous post and see that I realized that it wasn't what\as long as I thought

Thanks for calling me a lying troll idiot for being victimized

In the time it took you to screenshot that, make it png format, save it to HDD, upload it to imageshack just to call me out, you could have actually read what I had written...instead you wanted to feel awesome about yourself for being a Troll Detector...well, you are awesome DUDE BRO MAN!
so, so awesome.

 

[ElPatron]

This makes me very angry at Blizzard for allowing this to happen - would they not have the ability to detect when my account is being accessed from another city/state/country?

I never used such a system, what if I do want to move? Or what if I am using a proxy? Or a WiFi network?

 

[Robert Ewing]

Battle.net Authenticator

This. It really is the ONLY way to bullet proof your account, it's extremely difficult to bypass, maybe impossible if they couldn't physically get to your authenticator.

The one problem I have found with it is that it's battery life, and you will lose it a lot. Which seems likely as you go months at a time without logging onto the blizzard service. So don't fucking lose it, if you lose your authenticator then it will be 30x more difficult to retrieve your account than if it just got hacked.

 

[ThreeKneeNick]

Get a unique email for battle.net and don't use it for anything else ever. An account is not going to get hacked if there is no record of it's existence in leaked email databases (unless keyloggers). Also when that email receives a mail claiming it's from Blizzard you can be certain that it actually is from Blizzard. A 10 character password is sufficient as long as it's not a dictionary word, it's going to take a computer years to crack. And the most important thin if this really is the 6th time you account was hacked, scan your computer with every anti-virus and anti-malware utility you can get your hands on. If you do all that i don't think you really need the battle.net authenticator.

 

[Xanthious]

1) 33 character password with letters and numbers

Smells like troll in here fellas. Bnet passwords have a maximum length of 16 characters. OP is either a liar or an idiot (likely both). Nothing to see here move along.

or you could have looked at the exact previous post and see that I realized that it wasn't what\as long as I thought

Thanks for calling me a troll idiot for being victimized

Fella, if you've had your account hacked six times you stopped being a victim around the third time. Furthermore, if you are STILL blaming Blizzard it's time to take some personal responsibility. Damn near every account that gets hacked is due to user being wreckless and clicking or going someplace that isn't safe.