Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Fuzzy Avatars Solved! Please re-upload your avatar if it was fuzzy!

Wow, hacked again w/ authenticator

13

Comments

  • zymurgeistzymurgeist Pittsville, VAPosts: 5,211Member Uncommon

    People, an inactive account can be compromised even if you never log into it. If you use an E-mail address and password to access an unsecure site chances are it will be checked against a battle.net account. If it's the same one you use for WoW you're screwed. Even if Blizzard's security was perfect this would work. Your WoW account needs a unique E-mail address and a secure password that is never used for anything else.  The more garbled looking your E-mail and password is the better.

    "Strong and bitter words indicate a weak cause" ~Victor Hugo

  • faefrostfaefrost Atlanta, GAPosts: 199Member

    Originally posted by generals3

    Originally posted by Luthor_X


    Originally posted by Teala

    You know, there is more to this than some people wish to believe and I honestly think Blizzard has people on the inside selling account info to gold farming houses to make a little cash on the side.   To many accounts, especially inactive ones get hacked.   Plus, now people with authenticators accounts have been crompomised...and that I would not think is possible.   Some of this hacking is because Blizzard has employees that are making money selling peoples info.

     

    ^^ This

     

    I had an authenicator protected account not only get hacked, but the offending party also put a "NEW" authenticator on it. Mine was the one that you purchase from the Blizzard store, and I was the one who purchased it from the Blizzard store. I really believe that some of this is infact on their end, not all, not even most, but some, because there just isn't any other logical explanation.

     

    Also, when you add people to the equation (Blizzard Employees, Contractors, etc), anything is possible... either intentional, or accidental.

     

    Just my opinion.

    And i would add that i don't understand how some fanboys can keep on saying that it just cannot be on blizzards end and that it's always on the consumers end. Blizzard is a company and cannot be 100% safe from employees doing illegal things, a buttload of companies have employees leaking information.

    The most basic reason there is. No Blizzard employee can actually see the information we are talking about. None. Not some mysterious contractor, not a CS drone, no the server admins, and not the developers. As they say there is a reason "no Blizzard employee will ever ask you your account password" The simple fact is no member of the team can see what your actual current password is. The Database and server software, like most other enterprise level server software, simply will not ever display user passwords. The best an employee can do is reset a password. But blanket password resets on the scale we are talking about are very easy to detect. Plus many if not most of the hackings have not had the actual account password changed. There is no way for them to do what you are saying without changing the password, and they would have no way to restore it to the original once changed. 

    It isn't fanboys who are saying that it cannot be on Blizzards side. It is IT and MIS professionals. Yes companies have suffered data losses, and yes Blizzard could be just as susceptible. But it is your CC info that is far more at risk than your actual account login info. That gets stored in a retrievable form (as it does in any vendor. They need to know what your CC# is in order to use it). User passwords are unique encrypted information that does not get unencrypted. While it might be possible to reconstruct your password from the database, it would require access to the entirety of the database and probably resources similar to the FBI lab to do it. It is not something that can just be printed out or dumped to a flash drive. 

    My personal favorite of all of these claims is this particular patern. "My account was inactive for . I just reactivated it and 2 days later I suddenly got a ban notice that I had been engaging in gold spam! OMG! This muct be something on Blizzards end!!!"... Ummm no. It means that you have a keylogger on the system that you used to reactivate your account. Since it happened in a matter of hours or days it means you have one of the newer truly nasty ones. You probably want to scan your system a little more thoroughly then the expired copy of McAfee that came with it.

    You may want to read http://www.gamespy.com/articles/109/1093357p1.html if you really want to get scared about how fast and how efficient these keyloggers can be. A few months back Symantec located a chinese server recieving keylogger information that contained and was quickly using/validating MMO login information for 44 million user accounts across 18 diferent games.

  • ctshamectshame Land O Lakes, FLPosts: 104Member

    Its possible that people hack into the WoW servers and get people passwords and Usernames and store them into a large database for future use.

    Its happened with Aion , Wow and a bunch of other games seee

    http://cyberinsecure.com/antoher-crime-server-discovered-contained-44-million-stolen-game-accounts/

    image

  • generals3generals3 MehPosts: 3,307Member

    "The most basic reason there is. No Blizzard employee can actually see the information we are talking about. None. Not some mysterious contractor, not a CS drone, no the server admins, and not the developers."

     

    Tell me how they recover hacked account? Yes that method can be used to "compromise" accounts as well.

    Fere libenter homines id quod volunt credunt.
    Among those who dislike oppression are many who like to oppress.

  • skeaserskeaser Wichita Falls, TXPosts: 3,849Member Uncommon

    Alright, I hate eating crow, but I didn't really look at the e-mail and it was early this morning. Yeah, it's a phishing e-mail.

  • PhilbyPhilby Pottsville, ILPosts: 849Member

    Originally posted by ctshame

    Its possible that people hack into the WoW servers and get people passwords and Usernames and store them into a large database for future use.

    Its happened with Aion , Wow and a bunch of other games seee

    http://cyberinsecure.com/antoher-crime-server-discovered-contained-44-million-stolen-game-accounts/

    Good link, but you know it will be ignored by the Blizzard faithfull, right?

    WOW isnt great because it has 12 million players. WOW has 12 million players because its great.

  • fyerwallfyerwall Posts: 3,155Member Uncommon

    Originally posted by faefrost

    Originally posted by generals3

    Originally posted by Luthor_X

    Originally posted by Teala

    You know, there is more to this than some people wish to believe and I honestly think Blizzard has people on the inside selling account info to gold farming houses to make a little cash on the side.   To many accounts, especially inactive ones get hacked.   Plus, now people with authenticators accounts have been crompomised...and that I would not think is possible.   Some of this hacking is because Blizzard has employees that are making money selling peoples info.

     

    ^^ This

     

    I had an authenicator protected account not only get hacked, but the offending party also put a "NEW" authenticator on it. Mine was the one that you purchase from the Blizzard store, and I was the one who purchased it from the Blizzard store. I really believe that some of this is infact on their end, not all, not even most, but some, because there just isn't any other logical explanation.

     

    Also, when you add people to the equation (Blizzard Employees, Contractors, etc), anything is possible... either intentional, or accidental.

     

    Just my opinion.

    And i would add that i don't understand how some fanboys can keep on saying that it just cannot be on blizzards end and that it's always on the consumers end. Blizzard is a company and cannot be 100% safe from employees doing illegal things, a buttload of companies have employees leaking information.

    The most basic reason there is. No Blizzard employee can actually see the information we are talking about. None. Not some mysterious contractor, not a CS drone, no the server admins, and not the developers. As they say there is a reason "no Blizzard employee will ever ask you your account password" The simple fact is no member of the team can see what your actual current password is. The Database and server software, like most other enterprise level server software, simply will not ever display user passwords. The best an employee can do is reset a password. But blanket password resets on the scale we are talking about are very easy to detect. Plus many if not most of the hackings have not had the actual account password changed. There is no way for them to do what you are saying without changing the password, and they would have no way to restore it to the original once changed. 

    It isn't fanboys who are saying that it cannot be on Blizzards side. It is IT and MIS professionals. Yes companies have suffered data losses, and yes Blizzard could be just as susceptible. But it is your CC info that is far more at risk than your actual account login info. That gets stored in a retrievable form (as it does in any vendor. They need to know what your CC# is in order to use it). User passwords are unique encrypted information that does not get unencrypted. While it might be possible to reconstruct your password from the database, it would require access to the entirety of the database and probably resources similar to the FBI lab to do it. It is not something that can just be printed out or dumped to a flash drive. 

    My personal favorite of all of these claims is this particular patern. "My account was inactive for . I just reactivated it and 2 days later I suddenly got a ban notice that I had been engaging in gold spam! OMG! This muct be something on Blizzards end!!!"... Ummm no. It means that you have a keylogger on the system that you used to reactivate your account. Since it happened in a matter of hours or days it means you have one of the newer truly nasty ones. You probably want to scan your system a little more thoroughly then the expired copy of McAfee that came with it.

    You may want to read http://www.gamespy.com/articles/109/1093357p1.html if you really want to get scared about how fast and how efficient these keyloggers can be.


     You do understand that "No Blizzard Employee will ever ask for your password..." doesn't mean they cannot access your account info. All that means is that in a phone call, email or any other form of correspondence that the employee will never ask for such info. They can however access your account by looking up specific account names, email addresses, member names, etc.

    When it comes to account info, all the people really need is basic info from the account that they can later use when calling customer service. It's what a lot of Social Engineering hacks use. Incase you've never heard of Social Engineering, it's not something that has to do with hacking Facebook... Social Engineering is when you 'hack' a person. If you have just enough info to sound credible and get a CSR on the line who believes you, you can pretty much get access to anything you want. It's the biggest part of ID theft. Knowing the SSN of a person is only part of the whole picture and not everything can be done soley via email.

    While you are correct that in the instances that people get hacked minutes/hours after reactivating an account is more than likely their system being keylogged, there are instances of people who haven't played the game in years who suddenly get a legit email from Blizzard talking about their now orphaned account being compromised.

     

    There are 3 types of people in the world.
    1.) Those who make things happen
    2.) Those who watch things happen
    3.) And those who wonder "What the %#*& just happened?!"


    image

  • faefrostfaefrost Atlanta, GAPosts: 199Member

    Originally posted by generals3

    "The most basic reason there is. No Blizzard employee can actually see the information we are talking about. None. Not some mysterious contractor, not a CS drone, no the server admins, and not the developers."

     

    Tell me how they recover hacked account? Yes that method can be used to "compromise" accounts as well.

    They have you do a password recovery, essentially you reset the password or choose a new one (you can do this automatically via the website or they can trigger a reset), and once you then have control of the account (having reset or re-established your password) they restore the actual information on the account via the database backups and server logs. 

    So yes a Blizzard employee can add or delete stuff from your characters and restore your character information (and for the record lower level GM/CS types cannot do this, it gets passed to a smaller specialized restoration team) but they cannot see, copy or directly manipulate your account password. 

    The weak link in the account security chain, is, always has been, and will continue to be, the end users PC. Even when the Chinese government hacked Googles GMail servers, given their resources, they did not do it via a direct attack on Google or by compromising Google employees. They did it through the users PC's and trojans and keyloggers. (and worth noting, the same basic code that the chinese government used to do this was publicly leaked to the hacker comunity as an act of spite and cover earlier in the year. It is this same mechanism that is fueling much of the more modern keyloggers that fill those chinese databse servers with 44 million accounts worth of login info. )

  • faefrostfaefrost Atlanta, GAPosts: 199Member

    Originally posted by fyerwall

    Originally posted by faefrost


    Originally posted by generals3


    Originally posted by Luthor_X


    Originally posted by Teala

    You know, there is more to this than some people wish to believe and I honestly think Blizzard has people on the inside selling account info to gold farming houses to make a little cash on the side.   To many accounts, especially inactive ones get hacked.   Plus, now people with authenticators accounts have been crompomised...and that I would not think is possible.   Some of this hacking is because Blizzard has employees that are making money selling peoples info.

     

    ^^ This

     

    I had an authenicator protected account not only get hacked, but the offending party also put a "NEW" authenticator on it. Mine was the one that you purchase from the Blizzard store, and I was the one who purchased it from the Blizzard store. I really believe that some of this is infact on their end, not all, not even most, but some, because there just isn't any other logical explanation.

     

    Also, when you add people to the equation (Blizzard Employees, Contractors, etc), anything is possible... either intentional, or accidental.

     

    Just my opinion.

    And i would add that i don't understand how some fanboys can keep on saying that it just cannot be on blizzards end and that it's always on the consumers end. Blizzard is a company and cannot be 100% safe from employees doing illegal things, a buttload of companies have employees leaking information.

    The most basic reason there is. No Blizzard employee can actually see the information we are talking about. None. Not some mysterious contractor, not a CS drone, no the server admins, and not the developers. As they say there is a reason "no Blizzard employee will ever ask you your account password" The simple fact is no member of the team can see what your actual current password is. The Database and server software, like most other enterprise level server software, simply will not ever display user passwords. The best an employee can do is reset a password. But blanket password resets on the scale we are talking about are very easy to detect. Plus many if not most of the hackings have not had the actual account password changed. There is no way for them to do what you are saying without changing the password, and they would have no way to restore it to the original once changed. 

    It isn't fanboys who are saying that it cannot be on Blizzards side. It is IT and MIS professionals. Yes companies have suffered data losses, and yes Blizzard could be just as susceptible. But it is your CC info that is far more at risk than your actual account login info. That gets stored in a retrievable form (as it does in any vendor. They need to know what your CC# is in order to use it). User passwords are unique encrypted information that does not get unencrypted. While it might be possible to reconstruct your password from the database, it would require access to the entirety of the database and probably resources similar to the FBI lab to do it. It is not something that can just be printed out or dumped to a flash drive. 

    My personal favorite of all of these claims is this particular patern. "My account was inactive for . I just reactivated it and 2 days later I suddenly got a ban notice that I had been engaging in gold spam! OMG! This muct be something on Blizzards end!!!"... Ummm no. It means that you have a keylogger on the system that you used to reactivate your account. Since it happened in a matter of hours or days it means you have one of the newer truly nasty ones. You probably want to scan your system a little more thoroughly then the expired copy of McAfee that came with it.

    You may want to read http://www.gamespy.com/articles/109/1093357p1.html if you really want to get scared about how fast and how efficient these keyloggers can be.

     You do understand that "No Blizzard Employee will ever ask for your password..." doesn't mean they cannot access your account info. All that means is that in a phone call, email or any other form of correspondence that the employee will never ask for such info. They can however access your account by looking up specific account names, email addresses, member names, etc.

    When it comes to account info, all the people really need is basic info from the account that they can later use when calling customer service. It's what a lot of Social Engineering hacks use. Incase you've never heard of Social Engineering, it's not something that has to do with hacking Facebook... Social Engineering is when you 'hack' a person. If you have just enough info to sound credible and get a CSR on the line who believes you, you can pretty much get access to anything you want. It's the biggest part of ID theft. Knowing the SSN of a person is only part of the whole picture and not everything can be done soley via email.

    While you are correct that in the instances that people get hacked minutes/hours after reactivating an account is more than likely their system being keylogged, there are instances of people who haven't played the game in years who suddenly get a legit email from Blizzard talking about their now orphaned account being compromised.

     

     

    Actually no. There were some fairly recent Blue name posts discussing just this specific question where they said outright that the reason they will never ask your password is that there is no reason to, they cannot see your password. Just as your bank employees cannot see your actual password. They can see that you have a password and they can force a reset of it, but they cannot see what you have entered into it. This is pretty much industry standard for any enterprise level server product these days. Be it Microsoft, Linux, Oracle, IBM, Sun, whatever. No one can see what your existing password is via the clients or interfaces, not the top end developers nor the Blizzard CEO. It's just how the server and database software works. Blizzard wont ask because it is meaningless info for them since they have nothing to compare it to. 

    http://forums.worldofwarcraft.com/thread.html?topicId=4311113949&postId=43106377524&sid=1#76

  • Luthor_XLuthor_X Campbellsville, KYPosts: 431Member

    There is a bitter irony at work here. The Faithful cannot accept the truth from their peers, but whole-heartedly believe in the wholesomeness of a Mega-Corporation.

     

    *Hint*

    Corporations are ran by people. And those who believe that a Superduper$5gazilliondollar secure data base cannot be compromised (especially from the inside) are well... naively optomistic at best.

     

    Go ahead... the koolaid's great!

     

    I never clicked on any email link, nor have I ever visited any phishing / questionable sites. I found out that my account was compromised by trying to login and not being able to get past the authenticator. Futher, I dont surf porn, really dont even use email. The sites I visit are this one, the official forums, MSN, Amazon, Gamestop, Walmart.

     

    And I'm the only one who used this pc, which btw only has WoW and the Pre-download of SC2. I believe the people who say that they have never been hacked, and don't have any malware on their pc's. Problem is, they don't seem to believe me.

  • faefrostfaefrost Atlanta, GAPosts: 199Member

    Originally posted by Luthor_X

    There is a bitter irony at work here. The Faithful cannot accept the truth from their peers, but whole-heartedly believe in the wholesomeness of a Mega-Corporation.

     

    *Hint*

    Corporations are ran by people. And those who believe that a Superduper$5gazilliondollar secure data base cannot be compromised (especially from the inside) are well... naively optomistic at best.

     

    Go ahead... the koolaid's great!

     

    I never clicked on any email link, nor have I ever visited any phishing / questionable sites. I found out that my account was compromised by trying to login and not being able to get past the authenticator. Futher, I dont surf porn, really dont even use email. The sites I visit are this one, the official forums, MSN, Amazon, Gamestop, Walmart.

     

    And I'm the only one who used this pc, which btw only has WoW and the Pre-download of SC2. I believe the people who say that they have never been hacked, and don't have any malware on their pc's. Problem is, they don't seem to believe me.

    The "faithful" are not saying that the database cannot be compromised. But the professionals are saying that the vector of compromise that the conspiracy nuts are looking for is so far out there as to be next door to impossible. Yes the database can be compromised. Certain info can be compromised fairly easily. Your e-mail address. Your billing address, even your CC number. But because of how these things work it would be all but impossible for a Blizzard employee to compromise your password via the database. Doing so would pretty much require the ability to forensically dissect the database. While not impossible bordering on the insanely difficult and not something that commercial gold sellers (which is who the account hackers are)will have the resources, wherewithal and frankly even the need to do. 

    Plus lets not forget the risk reward structure. Going after this stuff from Blizzard either through direct compromise or via human engineering has massive legal risks. if someone is stealing info direct from Blizzard they will face the direct response of heavyhanded lawyers and law enforcement. Blizzard has often proven they are not shy about calling the FBI. And hacking a commercial data service (which is what Blizzard is) carries heavy jail time, and alot of countries will extradite for. 

    Whereas attacking the user end point is relatively easy, has a much greater success rate for the effort required (as high as 30% simply using automated systems such as trojans, automated phishing, malware and botnets) and almost no legal risk. No Law enforcement will care if Edna Puddlebee had her computer infected with a virus or her WoW level 80 Paladin stripped. They just don't care. There is no chance of arrest or civil liability from attacking the individual end user. None! Zip nada!

    I am not saying that I have any particular trust in Blizzard or there security. I am saying as an IT and Security professional that if Blizzard was the source of a human compromise, it simply would not be account passwords. The employee or contractor or whatever would be selling off personal info such as Credit Cards and billing addresses. That's the information they could get to and get in a bulk form. The account info would quite simply be too hard to get through Blizzard and too easy to get through the end users. Security compromise, at least as a commercial endeavor on the scales that we are talking about here,  will always follow the path of least resistance that offers the greatest reward with the lowest effort or risk. And I hate to break it to everyone. But you all reading this... you are that path or least resistance. 

    The bitter irony here is that doubters and detractors cannot believe actual facts or data when presented by those with actual real world experience and expertise in this sort of thing and instead insist on believing unfounded and illogical conspiracy theories built on rumor, innuendo and spurious internet claims with no actual fact or evidence. 

  • grapevinegrapevine PeterboroughPosts: 1,927Member

    It looks like a cascade of a scam e-mail.

     

    I received one aswell, saying the account I've not used for over a year had been used for gold selling, frozen, etc.

     

    Went to the (official) account page, and checked for recent tranactions, which there wasn't any of.  So nobody had activated it.  I then went to the character transfer option.  All my characters where listed as viable transfers.

     

    Then I checked the header of the e-mail, which states: -

     

    "X-Originating-IP: [222.69.161.41]

    X-Originating-Email: [i_suck_at_this@hotmail.com]

    Message-ID:

    Received: from rrusg ([222.69.161.41]) by BLU0-SMTP38.blu0.hotmail.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.4675);

         Sat, 24 Jul 2010 13:33:47 -0700

    Reply-To:

    From: "Blizzard Entertainment"

    To:  "

     

    The hotmail address aside, performing a nslookup blizzard.com is showing as 12.129.242.30.  222.69.161.41, seems to belong to a non-existent domain.

     

    Its seems Blizzard's exchanges are mx1.blizzard.com (12.130.201.11) ; mx2.blizzard.com (12.130.201.10) and mx5.blizzard.com (12.129.251.175).  None of which are within the range of the originating IP. 

  • ShadoedShadoed BirminghamPosts: 1,499Member Uncommon


    Originally posted by zymurgeist
    People, an inactive account can be compromised even if you never log into it. If you use an E-mail address and password to access an unsecure site chances are it will be checked against a battle.net account. If it's the same one you use for WoW you're screwed. Even if Blizzard's security was perfect this would work. Your WoW account needs a unique E-mail address and a secure password that is never used for anything else.  The more garbled looking your E-mail and password is the better.

    Everyone seems to be missing the main point of the original post here, the OP isn't just claiming that he/she had an inactive account compromised, they are claiming that they had an authenticator protected inactive account compromised and i am still yet to see any explanation as to how this is possible?

    It must be Thursday, i never could get the hang of Thursdays.

  • AconsarAconsar Narvon, PAPosts: 262Member

    Originally posted by jason_webb

     




    Originally posted by zymurgeist

    People, an inactive account can be compromised even if you never log into it. If you use an E-mail address and password to access an unsecure site chances are it will be checked against a battle.net account. If it's the same one you use for WoW you're screwed. Even if Blizzard's security was perfect this would work. Your WoW account needs a unique E-mail address and a secure password that is never used for anything else.  The more garbled looking your E-mail and password is the better.




     

    Everyone seems to be missing the main point of the original post here, the OP isn't just claiming that he/she had an inactive account compromised, they are claiming that they had an authenticator protected inactive account compromised and i am still yet to see any explanation as to how this is possible?

    A friend of mine has an authenticator and his account was still compromised.  You tell me how it happened, because he doesn't use add-ons or go to unsafe sites.

  • ShadoedShadoed BirminghamPosts: 1,499Member Uncommon


    Originally posted by Aconsar
    A friend of mine has an authenticator and his account was still compromised.  You tell me how it happened, because he doesn't use add-ons or go to unsafe sites.

    If it was an active account then it is possible although still highly improbable, if you go back to the original few posts it is explained there, but again we are talking about an "inactive" authenticator protected account!

    It must be Thursday, i never could get the hang of Thursdays.

  • Aki_RossAki_Ross ScotlandPosts: 166Member

    I've been reading a lot of posts on these forums, about accounts been hacked and I'm starting to get the impression that sometimes it's on Blizzard's end, which is very worrying.

  • HrothmundHrothmund HelsinkiPosts: 1,061Member

    Originally posted by miagisan

     

    World of Warcraft - Security Warning‏
















    From:

    image Blizzard Entertainment (donotreply.service@blizzard.com)

    Sent:

    Sat 7/24/10 3:33 PM

    To:

    -----------------

    sorry but its the real thing. i know a fishing email and how to spot them. been playing mmos for a very long time. i know the scams. The email header doesnt lie.

    I'm sorry, but you're wrong.

  • Luthor_XLuthor_X Campbellsville, KYPosts: 431Member

    Originally posted by maji

    Originally posted by Luthor_X

    I never clicked on any email link, nor have I ever visited any phishing / questionable sites. I found out that my account was compromised by trying to login and not being able to get past the authenticator. Futher, I dont surf porn, really dont even use email. The sites I visit are this one, the official forums, MSN, Amazon, Gamestop, Walmart.

    Well, there's the trick:

    What seems more plausible to me? That members of a very large and successful company risk their jobs by selling account data for years and years without ever getting caught?

    Or that a member of a community that is known for using levelling services, buying gold, sharing accounts, and beeing attracted to phishing and scam attempts like moths to the light, didn't protect his account the way he should have?

    Hmmm.... tough choice... NOT!

    The best hint (apart from using common sense) that Blizzard is not selling account data, is the amount of WoW phishing and scam attempts floating around on websites, addons, youtube, mails and whatever. There is so much WoW scam spam floating all over the web, because the WoW players are falling for it over and over and over! If WoW players would pay some attention, or be less greedy or simply use more common sense, then there would be less scam attempts, because they wouldn't be worth it. But as it is, they are worth it, because people will fall for it.

     

    Are you implying something?

     

    Use caution in  your reply...

  • alakramalakram malagaPosts: 2,223Member Uncommon

    I never had an account in WoW, the last friday I got an email from blizzard saying my account had password change and if It wasnt me i could still click on a link and recover it, so I thought wooot free account!!!, I clicked the link but I can't figure out the information, guess the guy changing the password is going to keep it.

    image

    hehe just joking...

    as a serious note i dont know what to think, is amazing the amount of hacked wow accounts he read about everyday in here. In one hand it can be real that so many accounts get hacked and that someone from inside is selling accounts... in the other hand, it can be a lot of people from other games trying to create a false bad reputation about blizzard security so people stop playing wow and they can take part of this market.

    -=AlaKraM=-
    Don't fight against poverty, fight against greed.
    My Lord of the Rings Gallery

  • faefrostfaefrost Atlanta, GAPosts: 199Member

    Originally posted by jason_webb

     




    Originally posted by zymurgeist

    People, an inactive account can be compromised even if you never log into it. If you use an E-mail address and password to access an unsecure site chances are it will be checked against a battle.net account. If it's the same one you use for WoW you're screwed. Even if Blizzard's security was perfect this would work. Your WoW account needs a unique E-mail address and a secure password that is never used for anything else.  The more garbled looking your E-mail and password is the better.




     

    Everyone seems to be missing the main point of the original post here, the OP isn't just claiming that he/she had an inactive account compromised, they are claiming that they had an authenticator protected inactive account compromised and i am still yet to see any explanation as to how this is possible?

     Look around on Blizzards forums for references to "man in the Middle Attacks". They have publicly addressed them and had a good amount of discussion and posts on them since around February. So they aren't ignoring anything.

     

    Authenticators can be defeated using a Man in the Middle Attack. This isn't just Blizzard, this is any security scheme that uses a secure token exchange such as RSA tokens or similar. But the means to compromise such are time consuming, cumbersome, and require precise timing, so the hack has to occur in real time. It's not like the far more productive keyloggers and trojans which sniff and sweep the internet automatically, and whose take can be picked up and used by a gold farmer/seller/scum of the earth months later. A Man in the middle hack only works for about 20 seconds (max) of when you try and log in.

     

    Here's how it goes.

     

    Step 1 - The users machine gets infected with one of the newer truly nasty real time keyloggers. And before anyone says anything, YES IF YOU HAVE AN AUTHENTICATOR AND YOU WERE HACKED, THIS IS HOW THEY DID IT. YOUR MACHINE IS INFECTED 100% CERTAIN. Just because you have not found it does not mean that it is not there. These newer keyloggers are very very nasty amorphic rootkit virus's. They often attack or replace your systems core keyboard drivers among other things. Just as an example, I had a medical imaging system with a flaky keyboard on my bench last week. I threw every search suite I could at it. AVG, Malware Bytes, Combofix, Kaspersky, Trend, Avast, plus some other very specialized tools. None found anything, or at least found the root infection that was spawning the others. Gmer reported some suspicious system files which were confirmed to be malicious rootkits when they were extracted and sent to antivirus.com . This was on Tuesday and Wednesday with the latest updated version of the most commonly used AV software scanning. Nada. It was very obviously a keylogger, and while I don't know for certain that it was sniffing for WoW information, we know that that is what at least 20% of keyloggers look for. (For the record that infected drive is on its way to Kaspersky to see what they can make of it.)

     

    Step 2 - Step 2 is you go to login. The trojan on your system feeds you a fake login screen and you enter your info. At which point it feeds you an "authenticator error" or a "login error" or a "password/username failure" etc. Basically it wants you to keep trying to login so as to keep sending it the current Authenticator number reseting the hackers clock, or even better yet, you get frustrated assume there is a problem with your authenticator and disable it from your account. (for some reason iPhone based authenticators seem particularly susceptible to doing this. They disable it so they can redownload and install a clean version). It's also important to note that an inactive account cannot be compromised in this manner. The process is only possible within 20 to 30 seconds of you attempting to login to Battle.Net via some path.

     

    Step 3 - Now as soon as you logon to that fake login box it sends your account name, password and the current # displayed on your authenticator to a waiting live human being hacker. This is what makes this hack rare. It requires the 1 to 1 human being waiting to hack you. It cannot be done via automation. As soon as the waiting hacker recives your info he has less than 20 seconds (often alot less depending on where your authenticator was in its clock cycle when you typed it in) to quickly use his legitimate client to login to your account, disable your authenticator and install his. Once done, if the timings all work out for him (maybe a 1 in 10 chance) he has possesion of your account and can procede with his heinous gold spamming activities.

     

    To date Man in the Middle attacks against authenticator hardened accounts remain rare because of the precise timing involved and the need for that man in the middle to be a human agent. But obviously the hacker industry is trying hard to improve this with each cycle. The main purpose of an authenticator is not to guarantee absolute 100% security. It is more akin to a real world car alarm or household alarm system. It is to make your stuff harder to hit, thereby making the attacker more prone to go after the easier target (your neighbor).

  • KostKost Vancouver, BCPosts: 1,975Member

    Anyone who thought the mail was real, got phished.

    For starters, email responses from Blizzard always come from donotreply@blizzard.com, not donotreply.service@blizzard.com. The new phishing emails have their “From” field spoofed to appear as if the source is from a generic address at the blizzard.com domain, which is not the case at all.

    Secondly, people should know better by now. I can't believe that after this many years players or ex players still get phished without any trouble. The sad part is that ninety percent of the population blame Blizzard anytime an account gets compromised, when they fault is entirely there own.

    Anyone who gets phished, and then claims that it's not the fault of there computer, that it is secure, and that it is all blizzard's fault (or anyone's fault other than there own), is fooling themself.

    Take responsibility.

    Btw, there is a news article about this very occurence:

    http://news.softpedia.com/news/New-World-of-Warcraft-Phishing-Emails-in-Circulation-149000.shtml

  • ShadoedShadoed BirminghamPosts: 1,499Member Uncommon


    Originally posted by Aki_Ross
    I've been reading a lot of posts on these forums, about accounts been hacked and I'm starting to get the impression that sometimes it's on Blizzard's end, which is very worrying.

    Having read many of these myself over the months/years i am yet to see even 1 that gives any solid evidence that there is any issue at Blizzards end. There is much speculation, conjecture, accusation and just plain guess work but NOTHING solid!

    I missed the OP's small post on the last page saying that this thread was in fact a false alarm as it did turn out to be a phishing attempts as are the vast majority from what i have seen personally (no matter how some completely refuse to accept it) and anyone that uses the internet at all and in the same breath claims that they have never put their machine at risk is seriously deluding themselves. The shear act of connecting your network to the internet and accessing any online content puts your machine at risk no matter how safe you think the content may be or how secure you think you have made your software.

    It must be Thursday, i never could get the hang of Thursdays.

  • kftauruskftaurus Chicago, ILPosts: 36Member

    Just wanted to add my experience as well. I had been inactive for nearly 6 months with two different accounts, and I decided to resub. Now both my accounts are obviously tied to my battle.net account, I have never had a problem before, I do not go to "fishy" websites as I am very cautious with my computer, I have full internet and virus/adaware/spyware software running, and yet somehow about a day or two after I resubbed I was hacked. They even added an authenticator. Needless to say I was not very happy, I had blizzard deal with it, and reformatted my entire hard drive, just in case. A lot of effort to go through just to make sure it wouldnt happen again. Well about two or three days after jumping through the loops, and changing passwords not only was my account hacked again, but I also received a warning from my email about someone trying to access it from China. Ridiculous! I have cancelled my subscription and do not plan on going back until Blizzard finds a way to take care of this issue, its not like I entirely blame them for everyone getting hacked, dont get me wrong, however, there is no way this could have been an issue on my end. Now, I have been contacted regarding a chargeback on my account as well. Clearly there is something not right, and I refuse to pay the chargeback, it would be crazy to think otherwise. I was looking forward to Diablo 3 and anything else Blizzard throws our way as I am a huge fan of their work, but now to be quite honest I am worried about doing anything involving money on battle.net. Anyways, just my two cents.

    Playing:Vanguard, Firefall
    Waiting for: TESO

  • Aki_RossAki_Ross ScotlandPosts: 166Member

    I really don't see how people can defend Blizzard. Yes, I would say that at lest half of the accounts been access are down to the player. But then there's a number of people, whom have taking every precaution under the sun and still their account gets broke into. So either it's somebody at Blizzard, whom is not who they appear to be, or Blizzard's own system as been leaking. Either way somebody should be investigating, instead of trying to deny there's no problem.

  • TorikTorik London, ONPosts: 2,343Member Uncommon

    Originally posted by Aki_Ross

    I really don't see how people can defend Blizzard. Yes, I would say that at lest half of the accounts been access are down to the player. But then there's a number of people, whom have taking every precaution under the sun and still their account gets broke into. So either it's somebody at Blizzard, whom is not who they appear to be, or Blizzard's own system as been leaking. Either way somebody should be investigating, instead of trying to deny there's no problem.

    The problem with these discussions is that most of the people making accusations against Blizzard, really do not know what they are talking about and are just repeating stuff they read that does not make much sense.  Heck the OP of his thread even admitted that he was not actually hacked, but was overreacting.

    There are real ways in which Blizzard could be compromised but people here instead prefer to discuss conspiracy theories instead of thinking about things logically.

Sign In or Register to comment.