Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
Hacked characters?
AzurePrower
Member UncommonPosts: 1,550
Alright. Just having a strange issue here whilst checking back on characters in World of Warcraft.
I've of course have left my characters inactive since the start of 2011 and they're showing the inactive not found page.
How ever, I checked a friend who has quit with me at around the same. They're characters are showing up. Showing activity for 2012 with their gear missing and one character even apparently transferred to another realm.
I had my friend log onto their account. Sure enough, they're able to get in. They check their world of warcraft account page and their subscription status. Sure enough, it was frozen and has been inactive since early 2011.
Friend also has full access to the e-mail their account is connected to and received no e-mail about a realm transfer or any thing.
So how is this possible?
-Azure Prower
http://www.youtube.com/AzurePrower
Comments
Still doesn't explain if their game time expired in 2011. How can an account be accessed?
Seems like accounts getting hacked in WoW is too much of a common thing. No other game has such wide-spread account hacking. Even with authenticators. There's only so many times you can blame it on the player.
-Azure Prower
http://www.youtube.com/AzurePrower
The same just happened to me, My Account was inactive since january 2011.
Yesterday I activated my account using the rez scroll with the 7 free days. My surprise when I discovered my characters naked, with empty bags and no gold at all.
So HOW is this possible? looks like the new "modus operandi" is Hacking inactive accounts?
Fortunately I do not care since I dont plan going back to wow. But that is disgusting and unfortunate.
Their account was frozen and last paid game time was march 2011. So... Doesn't make any sense.
If it was a 3 day pass or a paid month. It would list the expired date.
I used a 3 day pass last on my account and it lists its expired date instead of my actual subscription months before it. So doubt the date would go unlisted.
-Azure Prower
http://www.youtube.com/AzurePrower
I could get them to screen shot it if you like. There's really no point to make up stories.
-Azure Prower
http://www.youtube.com/AzurePrower
A long time ago in EverQuest (I can’t remember if it was the original or EQ2) a real controversy erupted in the forums that reminds me of your story. I wish I had links but in a nutshell, SOE had corrupt GM staff members that used inactive account characters to farm gold and sell it to players.They would get characters moved around to where ever needed. They went further and hacked into “choice target players and guilds” for cleaning them out and got caught for that but the damage was done.
I am not saying that is what happened here. But, “If” you are sure there is no mistake in your assertion, then see if your pals can contact Blizzard through web support channels or phone with the details and ask them about what has happened. They can get to the bottom of it and find out...
Last time I played was about three months ago. 20 days in I could not take this lifeless, too easy game anymore. I cancled my account with 10 days left.
The next morning, My Yahoo account was hacked ( an account I had for five years ). I decided to check my WoW game ( after all 10 days left ). Sure enuff, Hacked and could not log on........To make a long story short.....They got into all my stuff, not just WoW.
WoW is just a nasty game, I called Blizzard, told them to shut everything off for good......I'm done with this crap !!!
They also added a NPC/Banker to the bottom of befallen that'd dupe gold.
Incognito
www.incognito-gaming.us
"You're either with us or against us"
Just to add a little something to this thread...
Blizz will never publicly admit that their security protocols have been completely breached and/or bypassed. It would be disasterous for business. The few times they have actually spoken publicly about breaches, they still will not divulge or admit the depth of the vulnerabilities.
I am an IT security specialist (and pretty damn good at what I do...
) and the first rule of data security is that there is no such thing as 100% secure. Any and every security protocol, especially any client/server based protocols, can be breached. It's just the nature of the client/server software architecture. Blizzard is most definitely no exception to this rule and being such a large target, I assure you they have been breached in ways you wouldn't believe...
Accounts can (and have been) accessed, and used by completely bypassing the authentication and validation systems. Accounts that are inactive, not having "time" on them, are able to be logged in and played, transfered, you name it. "Hackers" are using premium account services (paid services) freely on these accounts and blizzard still maintains the position that it has never happened... haha that's cute. Try posting up about this in the official blizzard forums and see the respone you get. These are responses from blizzard representatives that have no idea how the WoW architecture even functions, let alone the securing of it. They are not qualified to even be answering questions regarding these types of breaches.
While Blizzard does go to great lengths to protect their users, aswell as themselves, there is only so much they can do. The nature and effectivelness of these attacks suggests blizzard has been victim to side-channel attacks against their datastores. And for neutralize the threat that would have been created by successful side-channel attacks, would require an enormous amount of work restructuring and resuring their data from the ground up. They avoided upgrading the rendering engine this long because of the workload it would impose, and that's just a rewrite of the rendering framework... haha. It's much easier to deny responsibility than the restructure the entire datastore infrastructure...
Anyway, the point is, yes you are correct in assuming that your account can be accessed in these manners and don't count on any acceptance of responsibility from the blizzard. And keep in mind, it isn't just World of Warcraft that this is happening in...
Food for thought.
BOOM!
The worst sceptic pandering and scaremongering post i have read in a long, long time! You of course have information to back up the accusations that Blizzard are just creating a huge cover up to hide the 'fact' that accounts are breached and used on a regular basis?!? I'll take your word that you do what you do and you are good at it, but at the same time i am pretty sure that Activision/Blizzard don't just have an 65 year old bloke sitting in a chair just making sure that the lights don't blink red to show a security breach.
As an IT Security specialist you will know all too well that the worst threat to any users security is the user themselves and that will always be the number 1 cause of security issues. Blizzard admitted to a security breach only a couple of weeks ago, made it very public, let everyone know how deep the breach went and suggested resolutions but i am yet to see in all this time and the numerous posts about accounts being hacked any solid evidence that there is a security conspiracy going on within Blizzard. In a relatively large guild for over four years now only three people have ever been hacked (one guy twice) and all three were down to keyloggers found on their machines when checked properly and as well as that we have had many people leave for extended periods (having babies, work commitmnents, university etc) and all have come back with no issues on their accounts. Not a definative sample of the playerbase by a long chalk, but having been in a large raid guild in Vanilla and another before the one i am in now i would have expected to meet at least one person that had, had this problem, but never have.
Personally i believe posts like the one you have made above are the worst as it makes people believe that it isn't their responsibility when they have their account hacked, somehow it is all down to Blizzard and some sort of conspiracy when in all reality it is a 99.999% (no network is 100% secure ;-)) chance that it is down to something at their own end that has caused the problem.
It must be Thursday, i never could get the hang of Thursdays.
This would be the public announcement by blizzard you are referring to? http://us.blizzard.com/en-us/securityupdate.html
When I mentioned side-channel attacks, this is exactly what I was suggesting. Go figure... lol
The "cryptographically scrambled" passwords they are speaking of would be tough to decrypt although not impossible, and you better believe if an attacker has the ability to get root access to their database servers and specifically target the user account password data, they probably have the means to decrypt it...
You are absolutely correct in suggesting most security issues are a fault of the user not protecting themselves properly or not being aware of the threats in different scenarios, not just in online games, but everywhere. However this is not the type of attack I am talking about.
I'm suggesting the authentication and validation systems are capable of being completely bypassed. I wouldn't be able to say exactly how attackers are going about this as I'm not aware of blizzards authentication and validation system structuring, but if I had to guess, I'd assume multiple filesystem servers had been breached through one of those "internal network" breaches and had copied internal assemblies and stole memory dumps to figure out where teh vulnerabilities where. Again, just an idea of course.
Do I have information to back up the accusation? Absolutley! lol But not information I think blizzard or my friend would appreciate me divulging. The reason I know this has happened is I witnessed it happening to a friends account that had ceased playing for almost 6 months. I spoke with the GM (out of game) that was managing the support ticket with my friend after examining both his system and his account and determined there was no fault on his part and his account was infact inactive. I had the GM confirm this aswell, the GM assuring that no trial time or credit card disputed time purchases had been applied to the account since his last activity. Yet his characters were clearly online and turning a hefty profit in the Action House business lol. He even recieved a few premium services applied to the account by the attacker including a few server transfers and a few extra characters on the account that most certainly were not created by him. And get this, even though the account clearly had no time on it and hadn't for months (verified by Blizzard representatives), the armory was still showing recent character updates in the recent activity feeds...
After helping him with his issue I got curious and did some searching around and sure enough, a large amount of other players were reporting the same activity only to be shunned for suggesting that an attacker somehow accessed and used their inactive account.
To answer the question you're probably thinking, yes I did ask the GM if they have had any attacks of the nature I described above, which obviously, he/she was not able to answer (understandably).
Anyways, yes this can and does happen. It's just the way things work. Anything that can be done on a computer can be undone, or done in multiple alternative ways.
Love hot-hustler xo
BOOM!
So i will ask the million dollar question based on the above. If you were so inclined would you lay your career and reputation on the line and take Blizzard to court based on the evidence you believe you have that they are somehow covering up a major continuous (over the last several years if some posts are to be believed) breach of their secure systems that allows persons unknown to access and play inactive characters without having to activate them?
It must be Thursday, i never could get the hang of Thursdays.
haha obviously not. 1: There's no legal basis for Blizzard to be sued. What would you sue for? Pain and suffering? Damages? lol.... and 2: It's THEIR system being compromised and the object being compromised has no value to the end user beyond the lisence they purchase for the client software and the gametime they purchase and the sentimental value it may hold. Their disclaimer(s) in the EULA pretty much sum it up. And even if there was a legal basis, what grounds would I have? It wasn't my account.
As for the "conspiracy theory", it's not much of a theory. It's a standard business practice in the software world... scary huh? lol Many IT companies share this practice as it is devastating for business to publicly announce a security breach of something your clients find valuable. If you read the EULA the accounts, characters, etc are ALL property of Blizzard, not the user. This is a clause that benefits many of their needs, including "illegal" real-world economy of in-game items, account selling, etc. You pay for the service, not the property (virtual or not).
I don't think anyone is suggesting this particular type of attack has been happening for years. Rather, it seems that this is a relatively new breed of attack, emerging in 2010 or so.
I'm sure blizzard loves this kind of blind faith from it's users because it is splendid for business, but the backlash is it removes pressure from the company to secure the vulnerablilities in a timely fashion. Whether you choose to be aware of it is up to you.
If you don't have a firm understanding of application and client/server security protocols (google searchers and "armchair programmers" are no exception), then you really aren't capable of making a valid statement in these matters.
xo
BOOM!
The only blind faith i have in anything is the love of my children, other that that i am a pretty straight forward guy who just likes to see a little proof when someone makes a statement about something. Can i prove that it isn't happening, well of course i can't but at the same time i am still to see any solid proof to the contrary other than rumour, conjecture or guess work. As for understanding, with 22 years in the IT industry i have picked up a few bits and pieces along the way but that being said, i always stand to be corrected should a solid nugget of evidence land in my lap.
It must be Thursday, i never could get the hang of Thursdays.
I'd be inclined to believe all the above should some one provide proof.
What.? lizard men.? I thought it was going to be monkeys........
Yes there is a point in asking this in this thread ty The OP wants to make us aware of ways people get hacked. Let me add to those ways since knowlage is power.
1. Most importent your email address is the first step hacker use to get into your account. Dont matter if it is inactive or not if you have a battlenet account still be very careful in how you and who you give your email address to for example do not ever give your email address willy nilly in open forums.
2. if you get a invite all of a sudeden for a party from someone that you do not konw do not accept. It is more then likly a hacker that can detect your IP address and all they need is your PC to "talk" to their PC and a accepted invite is the perfect way. Say no to strangers.
3. Very rapidly growing guild. Espesialy ones that use Vent. Why because they want to "recruite" hundreds of players no matter what lvl acualy lvl 1-20 gets hit hard because they assume most of they players are nieve and what will happen is that once people start to get onto their vent well guss what they again have your IP address.
4. Use a very relible Internet protection program. Scan for venerablities. Scan for critical areas and update everyday. Along with your paid internet proctection use programs like Spybot seek and destroy and or CCleaner Im sorry but Free ones will not cut it alone.
5. Chnage your IP address randomly. Very simple to do. All you do is open up Command Prompt type in IPconfig/release then type in IPconfig/renew then type in exit. This will change your IP address so if a hacker does have your IP they will not have your new IP address.
6. Even more improtent contact Blizz at the Help, I got hacked! page.