Hacked…and Jacked….

11 Jul

Well – I haven’t managed to get Blizzard to unlock my account – in fact – they haven’t even responded to me yet.  After realizing my account has been compromised I quickly logged on to my kids accounts and promptly changed the passwords just in case our one PC back home (we’re primarily a mac family) has been infected by a trojan horse or a keylogger.  Told the wife to shut the PC down and tuck it away until I get back.

With the help of another Soldier that plays I logged onto the game and contacted my guild leader.

“Dude – you were hacked!” He told me helpfully.

“No kidding.”

“Yeah – one of your toons logged on this morning and cleaned out tabs 4 and 5 in the guild bank.”

Gah….

Tabs 4 and 5 are where all of our enchanting materials live – our frosty orbs – our collection of inscription cards and all the sundry blues and purples waiting on beloved alts and needy guild members.

As usual – my guild leader is amazingly low key about the whole thing.  He knows I’ll fight tooth and nail to have every thing restored.  Plus – it’s just stuff.  Stuff that we can replace in a week or two of chaining heroic runs or a bit of crafting.  We’ll get it all back.

Still – there’s a nasty bit of dread that sits in the pit of my stomach.  I’m almost afraid to log in and see what poor Rainchaser and Tigerclaw are going to look like.  While I understand that Blizzard is quite good at restoring accounts after they’ve been pillaged – I know that it’s still going to feel like returning home to see your windows broken and all of your person stuff ransacked or missing.

They are virtual goods and digital things – but they’re still *mine* and the memories that go with them were bought with time, effort and the help of friends.

Some things I’ve done just in case:

  • In the past I’ve used Wowhead’s upload tool and the Curse Addon Management tool.  I’m disabling all of them on my systems.  While I don’t think either Curse or Wowhead would ever knowingly try to harm a players account by doing unsafe things with the account authentication info stored in them – they could have been compromised by something *else* – so they’re gone.
  • I’m going to get an Account Authenticator – no reason not too.  I thought I was more than safe enough – apparently I’m not.

That last part is the bit that scares me the most.  I’m fairly security conscious.  I don’t account share – I change my passwords.

So how the hell did this happen?  Hopefully Blizzard can shed some light on that for me.

Advertisements

7 Responses to “Hacked…and Jacked….”

  1. Pike July 11, 2009 at 03:59 #

    Eeek, I’m sorry to hear all of this. *hugs*

    I’ve thought about this situation a lot. I dunno, I don’t want to go the authenticator route, it seems sorta like a hassle because I tend to lose important things. But at the same time I sorta feel like I might be a possible target just cause of my blog and the way my characters are rather “out there”.

    I thought I was safe by way of being on Linux but then somebody figured out my Neopets password and I lost my Neopets account. An account that I used to regularly play on daily for a few years and I’d put a lot of hard work into. No idea how they got my password; I never gave it out. Since then I’ve installed NoScript on my Firefox, but I still don’t know how much that will help. Le sigh.

  2. euripidesoutdps July 11, 2009 at 14:22 #

    Generally keyloggers. Clicking on a link crafted to look legit can easily lead to a keylogger.

    I’d suggest you start using keepass (google it) because by default, it clears the clipboard after you copy your key into wow. It’s not perfect, but it might deter the badly written keyloggers.

    Also, since you know you probably have one, I’d suggest you format and reinstall your OS- otherwise you’ll just get hacked again.

  3. Doodle July 11, 2009 at 22:08 #

    Were you hacked while using a Mac?

  4. Syrana July 12, 2009 at 00:25 #

    I’m sorry to hear that happened. 😦

    Currently authenticators are out of stock (or at least they still were earlier this week) However, I’m extending the deadline for my contest to get one.

  5. Windpaw July 12, 2009 at 03:05 #

    @Doodle – I don’t think so – I don’t see how that would have happened. My guess is that my son’s PC laptop (which is one of our game stations back home) was somehow compromised. It’s still confusing as I’m playing Army in the Mojave right now and don’t even have regular access to the Internet. So the whole account compromise thing was a complete and utter surprise. Still no word from Blizzard – frustrating. They’re not responsive and there’s little I can do to chase the problem from here.

  6. Psyae July 24, 2009 at 13:31 #

    That’s what you get for using “password” as your password. 😉

  7. Windpaw July 24, 2009 at 15:35 #

    Psyae – you should know better man – I always use something like @ssword instead – they’ll never figure that out!

    😉

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: