Blizzard account hacked for the 6th time

[gideonkain]

Get a unique email for battle.net and don't use it for anything else ever. An account is not going to get hacked if there is no record of it's existence in leaked email databases. Also when that email receives a mail claiming it's from Blizzard you can be certain that it actually is from Blizzard. A 10 character password is sufficient as long as it's not a dictionary word, it's going to take a computer years to crack. And the most important thin if this really is the 6th time you account was hacked, scan your computer with every anti-virus and anti-malware utility you can get your hands on. If you do all that i don't think you really need the battle.net authenticator.

It seems to happen every few months.

Granted I haven't been watching an account on a game I don't play more closely...

but I'm just upset that no matter what I do, somebody (probably six different people) can just run an app, crack my password and play on my account.

 

[Excludos]

This has to be a troll. As I said above, He said he quit WoW, which means he obviously stopped paying for it (Unless he's THAT retarded). A "hacker" is not going to pay to play on someone else's account. So there's no way ANYONE played WoW on his account, because it is not paid for.

Funny stuff: Yes they do. Brother of mine had the same issue. I have him added as realID, so I saw him go online in WoW while I was playing sc2. I knew he hadn't played it for ages, so I was getting curious. When I tried to speak to him, there was no response. I just shrugged and kept on playing. The day after he told me he had gotten his account hacked. Someone had payed for the subscription, leveled his pala 20 levels, and bailed with the gold and gear.

Of course, he couldn't care less as he wasn't playing anymore. But it is hilarious to see hackers actually pay for the subscription for the accounts they hack.

 

[gideonkain]

This has to be a troll. As I said above, He said he quit WoW, which means he obviously stopped paying for it (Unless he's THAT retarded). A "hacker" is not going to pay to play on someone else's account. So there's no way ANYONE played WoW on his account, because it is not paid for.

Funny stuff: Yes they do. Brother of mine had the same issue. I have him added as realID, so I saw him go online in WoW while I was playing sc2. I knew he hadn't played it for ages, so I was getting curious. When I tried to speak to him, there was no response. I just shrugged and kept on playing. The day after he told me he had gotten his account hacked. Someone had payed for the subscription, leveled his pala 20 levels, and bailed with the gold and gear.

Of course, he couldn't care less as he wasn't playing anymore. But it is hilarious to see hackers actually pay for the subscription for the accounts they hack.

Thank you, this is exactly what happened...why in the world are all my WoW characters "better now"?

My Battle.net account says there have been no transactions at all...so all this must have taken place before Battle.net 2.0 was launched

 

[Nalbis]

Stop buying gold and registering to their websites using the same email and/or similar password to your WoW account. 'Dem farmers be sneaky!

 

[gideonkain]

Stop buying gold and registering to their websites using the same email and/or similar password to your WoW account. 'Dem farmers be sneaky!

That's so funny, I'll defiantly stop buying gold for a game I haven't played in years - your input has been invaluable.

Assuming, invaluable means completely useless.

 

[Wolfram23]

You should probably stop responding to the fake "your account information blah blah blah" emails. Mouse-over their "official" links and you'll see the websites are usually like www.warcraft.battle.net.taipei.com/accountinformation.html

As in, clearly fake.

 

[DracoSuave]

All a hacker has to do is plug in my email and click a button, I am a Computer Programmer, I know how computers work, "Hacking" is usually little more than downloading a free application on the internet and supplying an email address for it to then go brute force it's way into your private information.

Hackers don't guess passwords for WoW, and they don't Brute Force anything. This is too much work, when people are willing to run keyloggers and spyware and all sorts of things that take all the guesswork out of it.

Two thirds of the time, an account was 'hacked' because the owner of the account handed their email and password to the 'hacker'. 'Need your username and password for Blizzard!' says website. 'Okay!' says foolish user. Bam. Taken.

The other third of the time, somethings running that's logging your keystrokes. 'That looks like an email address! That's some phrase after an email address! Try it? SUCCESS!'

The most secure password in the universe won't protect you from this, because in both cases, they're not guessing your password, you're just telling it to them.

6 times? Yes, you're giving it to them.

 

[gideonkain]

You should probably stop responding to the fake "your account information blah blah blah" emails. Mouse-over their "official" links and you'll see the websites are usually like www.warcraft.battle.net.taipei.com/accountinformation.html

As in, clearly fake.

Pretty sure it's the lack of interactivity that caused this, I didn't respond to any Blizzard/WoW emails. they all just get directed into Spam and cleared.

It was only when I searched my history and discovered something from 2 months back that I started to realized something had happened.

It seems the posts on this thread only come in two varieties:

1) It's your fault, you are newb, the rest of this message is about how well I protect myself.

-or-

2) Yep, happened to me too...sucks right?

Basically, it can happen to anyone no matter what your password is - I am jumping through the hoops to get the Authenticator attached to my account now, that should protect me from Battle.net intrusions.

 

[VladG]

1) 33 character password with letters and numbers

Smells like troll in here fellas. Bnet passwords have a maximum length of 16 characters. OP is either a liar or an idiot (likely both). Nothing to see here move along.

or you could have looked at the exact previous post and see that I realized that it wasn't what\as long as I thought

Thanks for calling me a troll idiot for being victimized

Fella, if you've had your account hacked six times you stopped being a victim around the third time. Furthermore, if you are STILL blaming Blizzard it's time to take some personal responsibility. Damn near every account that gets hacked is due to user being wreckless and clicking or going someplace that isn't safe.

Have to agree here. Never had my account hacked, and as far as I know, with current encryption methods it's next to impossible to brute force a password in any decent time.

Blaming Blizzard for this is stupid, especially since they offer their authenticators free. You are the only one to blame for not properly protecting your account, especially after it got hacked FIVE times before.

 

[gideonkain]

1) It's your fault, you are newb, the rest of this message is about how well I protect myself.

see?

If it hasn't happened to you, you assume that your secure - it's only until it happens that you see that you were never secure in the first place.

 

[Scrythe]

I'm reading this as "This is the 6th time I got hacked for my own incompetence and lack of internet security knowledge. THIS IS ALL BLIZZARD'S FAULT!".

In other words: entitlement.

There are numerous ways you could have prevented this, and yet you're surprised when the possible scenario happens? Just be thankful that the person playing your account wasn't more malevolent about it, or this could have been really ugly.

 

[DracoSuave]

I get emails saying my account got hacked all the time.

All of them are fakes, and responding to them only ends in self-fulfilling prophesy.

 

[Frost27]

This has to be a troll. As I said above, He said he quit WoW, which means he obviously stopped paying for it (Unless he's THAT retarded). A "hacker" is not going to pay to play on someone else's account. So there's no way ANYONE played WoW on his account, because it is not paid for.

Yes, they will.

I firmly believe that Blizzard (not in official capacity, but someone in their employ)sells account information, particularly to gold farmers and exclusively accounts not in current use. Last year, I cancelled my account and on the day it ended, I removed the authenticator (It was tied to my cell phone and I knew if I ever went back I wouldn't have the same phone so I didn't want to go through the shit of having to go through blizzard to bypass my own authenticator) and I got an email TWO HOURS LATER that my password had been changed. I called Blizzard CS and they locked down the account and I got the password changed back.

They (gold farmers) had stripped every character and placed a game card on the account.

The password in question was unique to the account and it just happened to be two hours after I removed the authenticator. Too much of a coincidence.

 

[samaugsch]

Hmm. Maybe I should check my account to see if anyone reactivated it... >:3

 

[Nalbis]

Stop buying gold and registering to their websites using the same email and/or similar password to your WoW account. 'Dem farmers be sneaky!

That's so funny, I'll defiantly stop buying gold for a game I haven't played in years - your input has been invaluable.

Assuming, invaluable means completely useless.

Take a joke buddy, jheeez. In truth though that's what I assume happened to me when my account had its password changed, I changed it back to something different and then it never happened again. I learnt my lesson.

 

[Sight Unseen]

I've gotten emails from blizzard at least twice saying that they have information saying that I'm trying to sell my WoW account for money.

I have never played WoW. Well, I've done the 1 day trial and then never paid or went back to WoW.

I emailed them back and just said to ban my account. because it's clearly not me playing it.

 

[zuro64]

This makes me very angry at Blizzard for allowing this to happen - would they not have the ability to detect when my account is being accessed from another city/state/country?

Steam doesn't let me log on to with with another computer in my own house and yet Battle.Net will allow a hacker to use my account for months.

Well first of all they can see that you login on another computer somewhere in the world but how should they know that that isent just you moving around?

Secondly your Steam account is protected from usage on another computer(exept when you have authorised it) because they have your credit card number so that has to be protected!

Might want to check your credit card record or bank account for payments that you dont recall ever have made if you had it connected to Battle.net

 

[VladG]

1) It's your fault, you are newb, the rest of this message is about how well I protect myself.

see?

If it hasn't happened to you, you assume that your secure - it's only until it happens that you see that you were never secure in the first place.

I do however have an Authenticator. That makes me as secure as possible, and if I do get hacked, well, I did all I could(I also don't point out what my passwords consist of on forums, but that's just me probably being paranoid or something). My point was more on the lines of "you don't really have a right to whine when you don't pay enough attention to security". If I did get hacked, I would not blame Blizzard.

If you want to call yourself a noob, be my guest, it's not a comment I'm entitled to make. I will however say that you really like to play the victim.

 

[Lug100]

First of all, six times?? Really? I think someone really needs to check their computer(s) for keyloggers, only way i can think of that it would have happend 6 times...

... my password was "two random words + my social security number + my birthday" so ...

Now i think the real problem here is not your WoW account, but the fact this intruder now has this password.. Seriously your social secuirty number + your birthday? There's an awful lot of bad things bad people can do with this information... Seriously, theirs a reason most websites etc. tell you not to use personal details as passwords, its not just so your freidsn cant guess it..

EDIT: i see now that what i've said above has been mentioned before by a fair few people, sorry for repeating it

 

[AngelBlackChaos]

Your right, I am probably lashing out in anger, I haven't seen any sort of IP blocker option and my password was "two random words + my social security number + my birthday" so if that's not enough, we're all screwed, my password was 33 characters long.

It's very unlikely it got broken by guessing it then - which means either your system isn't secure, you fell victim to a phishing attack, or your hacker is someone you know ^^

Or he's full of it, who seriously uses a 33 character password? Certainly possible, but it's such an odd thing to that it makes me even more likely to assume one of the things you mentioned is the case. Doesn't exactly suggest sensible behaviour.

i have random formulas i make, and it tends to get me 20-25 word passwords.
it looks as random as hell too, so there is no way i would memorize it. Instead, i have a cheat sheet of questions i use.

To OP: The "hacker" could have overheard you mentioning it, if you walk around telling it to people, bragged about it on forums, etc.Words tend to be easily used as well, there are programs to figure 2 random words out.

I prefer that my password doesnt form regular words, that way they cannot just randomly figure those out.