Warning to WOW Players (Compromised Accounts)

24 Comments

  • Renoaku Member Epic Posts: 3,157

    What would add a bit of extra security is if game login passwords were separate from Master accounts battle.net. Someone keylogs ur game password they got access to every game on that account.

    Good/Bad news. When my account was ripped, All my items were stripped, I lost over 4000G worth of items, and over 2000g Worth of gold. My character was being used as a mining bot to mine bot things. However here is the interesting thing.

    I put in a gm service call when this happened, and it says. Your Ticket will be serviced soon, but it's been like 24/48 hours almost no answer? Also my characters were deleted on some of them. When my character Logged in from being compromised and getting my account back again, I discovered someone registered my account using someone else's credit card, or their own credit card on my account to pay for 1 month subscription. Also my account was logged out over 1000 feet in the air and fell to its death, the same as I saw someone else post on here happen to them.

    No Idea what really happened but umm. Does Blizzard really need updated security?

  • Berikai Member Posts: 162
    Originally posted by iCeh

    Originally posted by Berikai


     This is also why it could have been a mass phishing. Blizzard announced the cutoff date for needing to merge with Bnet. Someone using that date to their advantage for a mass phishing seems a strong possibility at this point.

     

    Except I've never received any type of phishing e-mail.

     

    No, not everyone was exposed this way, but the numbers that were phished is probably really high.

    Consider this, I've never ever been phished on my WOW account until today, yes today.

    Dead give away as it asked for account email and password and cd key.

    What's really funny is it was sent to my email that has nothing to do with my WOW account. My Battlenet is the only thing that email is used for. No one knows it. The email it was sent to is used at this site and other WOW sites. It makes me think that people are scanning WOW forums and getting people's email from the sites and then phishing them. Just a thought!

  • Sortis Member Uncommon Posts: 193
    Originally posted by Panther2103


    Just call blizzard tell them what happened, they will give you your account back with everything it had. Might take a while, but it is worth it.

     

    I've already done this and they swear up and down that it is my fault. Same exact things have happened to me. Why the hell would I ever buy or pay for another blizzard game if someone can hack my account, steal my stuff, and delete my characters anytime they feel like it and then blizzard blames me for it. It's like pitching your money down a hole, give me one reason I would ever buy another blizzard product. I asked the blizzard tech support this...they couldn't give me an answer...

  • Berikai Member Posts: 162
    Originally posted by iCeh


    Of those who've had their accounts compromised, who has visited curse.com?
    Every now and then I still check mmo-champion to see what's new with WoW, I remember seeing an addon they were pimping called NPC scan, I thought I'd add it to my bookmarks for if I ever went back. This is the only way I can think of that could have gotten me a keylogger (if that's what's happened.)

     

    You know, there's something about Curse.com that's always made me leery of using that site or its client.

    I do use 2-3 addons and I always manually installed them instead of using the Curse client. I just don't trust it and I got them from a different site.

  • iCeh Member Uncommon Posts: 884
    Originally posted by Berikai


    You know, there's something about Curse.com that's always made me leery of using that site or its client.
    I do use 2-3 addons and I always manually installed them instead of using the Curse client. I just don't trust it and I got them from a different site.

     

    Yea, I'd never use any kind of auto-update program for add-ons - that's asking for trouble imo.

    Though you should probably ignore what I said, as there's no way they could have got my login details from the time I visited curse, I was unsubbed by that time... must have been since it was active.

    The woman I spoke to at Blizzard was rather sure of herself, when I asked if there could be any chance that Blizzard's database could somehow be compromised she said "No chance, Blizzard is a multi-billion dollar company". Not really the most reassuring answer, is it?

    -iCeh

  • Ceridith Member Uncommon Posts: 2,980
    Originally posted by Haegemon


    The big reason why these issues are all user side-
     
    If Blizzard itself was hacked, 2 main things would have happened/made massive public news by now. First, 11 million people's CC/personal info would have been stolen. You'd be seeing a lot more than just "missing gold/gear", you'd be seeing hundreds and thousands of illegal transactions along with identity theft on an epidemic scale. This is also something that on a similar scale must be publicly announced/reported.
     Depends which system was breached. Their invoicing system would contain our credit card data. Their login system would not, but it would contain our usernames (emails). Realize that even if the login system was breached, if Blizzard isn't completely inept, our passwords would be hashed. Additionally, most countries play by the laws that credit card fraud is illegal, whereas breaching WoW accounts is not. If they went for our CC information on a large scale, the perpetrators would get several international law enforcement agencies after them.
    Second, a real, working copy of SC2 or D3 would have been leaked onto the torrent sites of the world. Because really, if Blizzard was hacked, and the only thing of worth the hacker took was your gold and gear, and not any of the far, far more valuable information Blizz would have available, that hacker would be one of the most pathetic, unimaginative ponces I'd ever heard of.
     Wrong again. Breaching one system does not equate to breaching all systems. A frontend authentication system (login servers) are much more open to the net than internal systems would be, specifically to be able to do their job. In other words, they're a lot easier to hack into compared to any internal system.
    In the wonderful, relative world of things, each individual is a mere speck of dust just in the scope of WoW. Say 100,000 accounts were hacked recently, and say roughly 5mil total users not counting china, that's about 2%. Now, what'd really be fun to see are the actual numbers of compromised accounts that they could prove bought gold, got powerleveled, were shared/traded between people and compare that to trojan/phishing/virii attack victims. That should cause some fun times.
     

     

    The sharp incline of hacks implies that there is something beyond user control involved. I would be extremely hard pressed to believe that it's all users getting themselves hacked by visiting gold buying sites, getting trojans, account sharing, phishing schemes, etc. All of these things have been employed by hackers for years to breach WoW accounts, yet only recently has the frequency increased at an incredible rate. All things considered, per the user's end of responsibility, the amount of account breaches should remain relatively constant percentage wise with regards to the total population of WoW.

    It is not, however. It is exponentially increasing, and a logical assessment of the situation implies that something outside of player fault is to blame for this sharp increase. I'm not saying that players are not at any fault, but something is, or has, happened outside of player control to make things worse.

  • tanek Member Uncommon Posts: 63
    Originally posted by Ceridith 
    The sharp incline of hacks implies that there is something beyond user control involved. I would be extremely hard pressed to believe that it's all users getting themselves hacked by visiting gold buying sites, getting trojans, account sharing, phishing schemes, etc. All of these things have been employed by hackers for years to breach WoW accounts, yet only recently has the frequency increased at an incredible rate. All things considered, per the user's end of responsibility, the amount of account breaches should remain relatively constant percentage wise with regards to the total population of WoW.
    It is not, however. It is exponentially increasing, and a logical assessment of the situation implies that something outside of player fault is to blame for this sharp increase. I'm not saying that players are not at any fault, but something is, or has, happened outside of player control to make things worse.

     

    Look at what is happening to other games right now.  It seems that targeting fansites is becoming a much bigger issue than it has been in the past (I base this only on the amount of text generated over fansite issues in the past 3 months, so it is more conjecture than fact) and I'd guess that there are more fan/addon/strat sites for WoW than any other game out there.

    If only a small percentage of those sites are compromised or mined for email addresses, it could have an effect in the number of compromised WoW accounts.

    Then there is the battlenet merge.  I'm not saying battlenet itself is not secure, but how many people do you think just used one of their common email addresses when they created the account?  How many of those email addresses may have already been in the hands of malicious parties?  Blizzard has recommended using a brand new email address for battlenet and not using that email address anywhere else.  Great advice, but I'm not sure the message was spread effectively before it was already too late.

    Add in the new patch late last year drawing players back and the people who create new accounts or reactivate old accounts during/after the holidays, you have a setup for the perfect storm of account compromise.

  • Ceridith Member Uncommon Posts: 2,980
    Originally posted by tanek

    Originally posted by Ceridith 
    The sharp incline of hacks implies that there is something beyond user control involved. I would be extremely hard pressed to believe that it's all users getting themselves hacked by visiting gold buying sites, getting trojans, account sharing, phishing schemes, etc. All of these things have been employed by hackers for years to breach WoW accounts, yet only recently has the frequency increased at an incredible rate. All things considered, per the user's end of responsibility, the amount of account breaches should remain relatively constant percentage wise with regards to the total population of WoW.
    It is not, however. It is exponentially increasing, and a logical assessment of the situation implies that something outside of player fault is to blame for this sharp increase. I'm not saying that players are not at any fault, but something is, or has, happened outside of player control to make things worse.

     

    Look at what is happening to other games right now.  It seems that targeting fansites is becoming a much bigger issue than it has been in the past (I base this only on the amount of text generated over fansite issues in the past 3 months, so it is more conjecture than fact) and I'd guess that there are more fan/addon/strat sites for WoW than any other game out there.

    If only a small percentage of those sites are compromised or mined for email addresses, it could have an effect in the number of compromised WoW accounts.

    Then there is the battlenet merge.  I'm not saying battlenet itself is not secure, but how many people do you think just used one of their common email addresses when they created the account?  How many of those email addresses may have already been in the hands of malicious parties?  Blizzard has recommended using a brand new email address for battlenet and not using that email address anywhere else.  Great advice, but I'm not sure the message was spread effectively before it was already too late.

    Add in the new patch late last year drawing players back and the people who create new accounts or reactivate old accounts during/after the holidays, you have a setup for the perfect storm of account compromise.

     

    Blizzard deciding to use email as the username for battlenet accounts is a huge security blunder. Expecting players to create a separate email to explicitly deal with the gap in Blizzard's battlenet authentication (using email as username) is an unrealistic expectation. Any half-competent IT security professional should know this.

    If it is indeed the fact that emails are leaked and thus hackers effectively have a list of all of our account names, then Blizzard is in part to blame for making such a poor decision in their battlenet authentication design.

  • Berikai Member Posts: 162
    Originally posted by Ceridith

    Originally posted by tanek

    Originally posted by Ceridith 
    The sharp incline of hacks implies that there is something beyond user control involved. I would be extremely hard pressed to believe that it's all users getting themselves hacked by visiting gold buying sites, getting trojans, account sharing, phishing schemes, etc. All of these things have been employed by hackers for years to breach WoW accounts, yet only recently has the frequency increased at an incredible rate. All things considered, per the user's end of responsibility, the amount of account breaches should remain relatively constant percentage wise with regards to the total population of WoW.
    It is not, however. It is exponentially increasing, and a logical assessment of the situation implies that something outside of player fault is to blame for this sharp increase. I'm not saying that players are not at any fault, but something is, or has, happened outside of player control to make things worse.

     

    Look at what is happening to other games right now.  It seems that targeting fansites is becoming a much bigger issue than it has been in the past (I base this only on the amount of text generated over fansite issues in the past 3 months, so it is more conjecture than fact) and I'd guess that there are more fan/addon/strat sites for WoW than any other game out there.

    If only a small percentage of those sites are compromised or mined for email addresses, it could have an effect in the number of compromised WoW accounts.

    Then there is the battlenet merge.  I'm not saying battlenet itself is not secure, but how many people do you think just used one of their common email addresses when they created the account?  How many of those email addresses may have already been in the hands of malicious parties?  Blizzard has recommended using a brand new email address for battlenet and not using that email address anywhere else.  Great advice, but I'm not sure the message was spread effectively before it was already too late.

    Add in the new patch late last year drawing players back and the people who create new accounts or reactivate old accounts during/after the holidays, you have a setup for the perfect storm of account compromise.

     

    Blizzard deciding to use email as the username for battlenet accounts is a huge security blunder. Expecting players to create a separate email to explicitly deal with the gap in Blizzard's battlenet authentication (using email as username) is an unrealistic expectation. Any half-competent IT security professional should know this.

    If it is indeed the fact that emails are leaked and thus hackers effectively have a list of all of our account names, then Blizzard is in part to blame for making such a poor decision in their battlenet authentication design.

     

    I've seen so many complaints in the past where people blame Blizzard for using email as username. I just don't get why people are so bent on blaming Blizzard for this, when all you have to do is create a new free email somewhere and tie it to Bnet.

    It's so easy, but no, people would rather blame Blizz. Please, if you care about your account you would make an email that is only used for Bnet. With all the phishing and such going on, you're just asking for trouble if you don't. Plus remember that having your username is only half the battle, they still need that password.

  • Mardy Member Posts: 2,213
    Originally posted by Berikai 
    I've seen so many complaints in the past where people blame Blizzard for using email as username. I just don't get why people are so bent on blaming Blizzard for this, when all you have to do is create a new free email somewhere and tie it to Bnet.
    It's so easy, but no, people would rather blame Blizz. Please, if you care about your account you would make an email that is only used for Bnet. With all the phishing and such going on, you're just asking for trouble if you don't. Plus remember that having your username is only half the battle, they still need that password.

     

    QFT, people using their aol email address that gets 50 spam a day and it's the same email address they use for facebook, myspace, youtube, banking, creditcard, 401k, ebay, paypal, bestbuy rewards zone, mmorpg, ign forums, etc etc... and best of all, some of them are still using 12345 as their passwords.   Sound familiar?   I bet some people reading this would think "omg that's me, how does he know?!".  People today simply need to be smarter. 

     

    Sure non-email usernames are unique, but so are brand new email accounts that you can create from gmail, hotmail, yahoo, etc..  If you want unique usernames, then create a unique email address just for gaming.  Voila, it's that simple, it's that easy.  But no no, let's blame the company for using email address as usernames, because obviously we need to prolong people's ignorance and bad internet practices.  We need to keep on telling people having simply an anti-virus program is good enough to safeguard their private information... 

     

    We live in the age of electronic information, every single day your private data gets passed through the internet.  People need to learn how to better safeguard themselves.  Using email address as username isn't the problem.  People need to create new unique email addresses for different things they do, rather than use the same one email address that everybody already knows by now for everything.  People need to update their passwords because you have no idea how many people still use 12345, 1111, password, or their name as their password.

     

    Could Blizzard be at fault for something?  Sure, it's a possibility, but I'm not going to say for sure until someone proves it.  But is Blizzard at fault for using email address as usernames?  Heck no, email addresses can be as unique as anything else, you just have to create new email accounts for various things you do.

    EQ1-AC1-DAOC-FFXI-L2-EQ2-WoW-DDO-GW-LoTR-VG-WAR-GW2-ESO

  • Ceridith Member Uncommon Posts: 2,980
    Originally posted by Berikai

    Originally posted by Ceridith

    Originally posted by tanek

    Originally posted by Ceridith 
    The sharp incline of hacks implies that there is something beyond user control involved. I would be extremely hard pressed to believe that it's all users getting themselves hacked by visiting gold buying sites, getting trojans, account sharing, phishing schemes, etc. All of these things have been employed by hackers for years to breach WoW accounts, yet only recently has the frequency increased at an incredible rate. All things considered, per the user's end of responsibility, the amount of account breaches should remain relatively constant percentage wise with regards to the total population of WoW.
    It is not, however. It is exponentially increasing, and a logical assessment of the situation implies that something outside of player fault is to blame for this sharp increase. I'm not saying that players are not at any fault, but something is, or has, happened outside of player control to make things worse.

     

    Look at what is happening to other games right now.  It seems that targeting fansites is becoming a much bigger issue than it has been in the past (I base this only on the amount of text generated over fansite issues in the past 3 months, so it is more conjecture than fact) and I'd guess that there are more fan/addon/strat sites for WoW than any other game out there.

    If only a small percentage of those sites are compromised or mined for email addresses, it could have an effect in the number of compromised WoW accounts.

    Then there is the battlenet merge.  I'm not saying battlenet itself is not secure, but how many people do you think just used one of their common email addresses when they created the account?  How many of those email addresses may have already been in the hands of malicious parties?  Blizzard has recommended using a brand new email address for battlenet and not using that email address anywhere else.  Great advice, but I'm not sure the message was spread effectively before it was already too late.

    Add in the new patch late last year drawing players back and the people who create new accounts or reactivate old accounts during/after the holidays, you have a setup for the perfect storm of account compromise.

     

    Blizzard deciding to use email as the username for battlenet accounts is a huge security blunder. Expecting players to create a separate email to explicitly deal with the gap in Blizzard's battlenet authentication (using email as username) is an unrealistic expectation. Any half-competent IT security professional should know this.

    If it is indeed the fact that emails are leaked and thus hackers effectively have a list of all of our account names, then Blizzard is in part to blame for making such a poor decision in their battlenet authentication design.

     

    I've seen so many complaints in the past where people blame Blizzard for using email as username. I just don't get why people are so bent on blaming Blizzard for this, when all you have to do is create a new free email somewhere and tie it to Bnet.

    It's so easy, but no, people would rather blame Blizz. Please, if you care about your account you would make an email that is only used for Bnet. With all the phishing and such going on, you're just asking for trouble if you don't. Plus remember that having your username is only half the battle, they still need that password.

     

    Because part of IT security means anticipating the behavior of your users. When they were thinking up their battlenet authentication system, and were thinking about changing usernames to be the email addresses linked to the account, they should have asked themselves two questions.

    1) Should users create and use a new email address explicitly to link to their game account that uses email as the login?

    2) Will the majority of users do this?

    The answer to the first is yes, but the follow up question is obviously no. As much as it is a user's responsibility to make sure that their login credentials are secret, it's the responsibility of those administrating said authentication to make it as simple and easy as possible for their users to do the proper things. Expecting users to go out of their way to make things more secure on their end -- create a new email exclusively to link to their account -- is not a realistic expectation, because the majority of people cannot be expected to do so.

    So you can blame users all you want, but that doesn't change the fact that Blizzard made a poor design choice in their battlenet authentication system, because they did not design their security with their users in mind. Blizzard is as much at fault as the users are. As such, they're suffering with a flood of support calls with people trying to get their accounts back.

  • Smatthews Member Posts: 67

    The same thing happened to me recently, it was odd because whoever hacked my account paid for a whole month, so I get to play for free for a little bit because of this.

  • Berikai Member Posts: 162
    Originally posted by Ceridith

    Originally posted by Berikai

    Originally posted by Ceridith

    Originally posted by tanek

    Originally posted by Ceridith 
    The sharp incline of hacks implies that there is something beyond user control involved. I would be extremely hard pressed to believe that it's all users getting themselves hacked by visiting gold buying sites, getting trojans, account sharing, phishing schemes, etc. All of these things have been employed by hackers for years to breach WoW accounts, yet only recently has the frequency increased at an incredible rate. All things considered, per the user's end of responsibility, the amount of account breaches should remain relatively constant percentage wise with regards to the total population of WoW.
    It is not, however. It is exponentially increasing, and a logical assessment of the situation implies that something outside of player fault is to blame for this sharp increase. I'm not saying that players are not at any fault, but something is, or has, happened outside of player control to make things worse.

     

    Look at what is happening to other games right now.  It seems that targeting fansites is becoming a much bigger issue than it has been in the past (I base this only on the amount of text generated over fansite issues in the past 3 months, so it is more conjecture than fact) and I'd guess that there are more fan/addon/strat sites for WoW than any other game out there.

    If only a small percentage of those sites are compromised or mined for email addresses, it could have an effect in the number of compromised WoW accounts.

    Then there is the battlenet merge.  I'm not saying battlenet itself is not secure, but how many people do you think just used one of their common email addresses when they created the account?  How many of those email addresses may have already been in the hands of malicious parties?  Blizzard has recommended using a brand new email address for battlenet and not using that email address anywhere else.  Great advice, but I'm not sure the message was spread effectively before it was already too late.

    Add in the new patch late last year drawing players back and the people who create new accounts or reactivate old accounts during/after the holidays, you have a setup for the perfect storm of account compromise.

     

    Blizzard deciding to use email as the username for battlenet accounts is a huge security blunder. Expecting players to create a separate email to explicitly deal with the gap in Blizzard's battlenet authentication (using email as username) is an unrealistic expectation. Any half-competent IT security professional should know this.

    If it is indeed the fact that emails are leaked and thus hackers effectively have a list of all of our account names, then Blizzard is in part to blame for making such a poor decision in their battlenet authentication design.

     

    I've seen so many complaints in the past where people blame Blizzard for using email as username. I just don't get why people are so bent on blaming Blizzard for this, when all you have to do is create a new free email somewhere and tie it to Bnet.

    It's so easy, but no, people would rather blame Blizz. Please, if you care about your account you would make an email that is only used for Bnet. With all the phishing and such going on, you're just asking for trouble if you don't. Plus remember that having your username is only half the battle, they still need that password.

     

    Because part of IT security means anticipating the behavior of your users. When they were thinking up their battlenet authentication system, and were thinking about changing usernames to be the email addresses linked to the account, they should have asked themselves two questions.

    1) Should users create and use a new email address explicitly to link to their game account that uses email as the login?

    2) Will the majority of users do this?

    The answer to the first is yes, but the follow up question is obviously no. As much as it is a user's responsibility to make sure that their login credentials are secret, it's the responsibility of those administrating said authentication to make it as simple and easy as possible for their users to do the proper things. Expecting users to go out of their way to make things more secure on their end -- create a new email exclusively to link to their account -- is not a realistic expectation, because the majority of people cannot be expected to do so.

    So you can blame users all you want, but that doesn't change the fact that Blizzard made a poor design choice in their battlenet authentication system, because they did not design their security with their users in mind. Blizzard is as much at fault as the users are. As such, they're suffering with a flood of support calls with people trying to get their accounts back.

    I can see where you're coming from, but...

    Compare it to having a house built for you and your family.

    A company builds your house (Blizzard)

    You decide to not close the doors and deadbolt (not change to a new free random email)

    A criminal comes in and steals from you (Phishing, keylogger)

    You lose contents of house (your account and/or characters are stripped)

    Do you blame the builder of said house? (Blizzard) or yourself for not installing deadbolts ???

    Builder (Ie Blizzard not at fault) as you could have secured but chose not to...

  • iCeh Member Uncommon Posts: 884
    Originally posted by Berikai


    I can see where you're coming from, but...
    Compare it to having a house built for you and your family.
    A company builds your house (Blizzard)
    You decide to not close the doors and deadbolt (not change to a new free random email)
    A criminal comes in and steals from you (Phishing, keylogger)
    You lose contents of house (your account and/or characters are stripped)
    Do you blame the builder of said house? (Blizzard) or yourself for not installing deadbolts ???
    Builder (Ie Blizzard not at fault) as you could have secured but chose not to...

     

    You'd find the criminal and have him arrested... or beat the crap out of him, depending where you're from... but we can't do either because the little hacker is in China.

    -iCeh

  • BBaileys Member Uncommon Posts: 5

    After seeing this thread pop up I logged on to look at my account and it seems to be hacked as well.  I then talked to almost everyone I knew who has also had an account and they all are finding the same thing.  I know the issue did not happen at my end as I run a virus scan every day (I use Kaspersky so it isn't a quality problem) and if there was a key logger on my computer they would have used some of my other accounts that have a lot more value than my WOW account.  The issue seems to be a security issue that has more than just the user to blame. 

    I do find it rather interesting that Blizzard had their issue a few months back with China and now their customers are being hacked.  Seems to be that anyone who has a problem with China is getting this type of a treatment.  It might not be causative but sure does seem to be correlative. 

     

    I hope Blizzard is willing to help me out of this and figures out what is going on.   A little bad publicity from these types of things can hurt a company big time.  

  • Daffid011 Member Uncommon Posts: 7,945
    Originally posted by Ceridith 
     
    Blizzard deciding to use email as the username for battlenet accounts is a huge security blunder. Expecting players to create a separate email to explicitly deal with the gap in Blizzard's battlenet authentication (using email as username) is an unrealistic expectation. Any half-competent IT security professional should know this.
    If it is indeed the fact that emails are leaked and thus hackers effectively have a list of all of our account names, then Blizzard is in part to blame for making such a poor decision in their battlenet authentication design.

     

    I agree it was a stupid choice for blizzard to go this route, but at the same time people are the ones being insecure here.

    Prior to battlenet, would anyone post their login name all over the internet? Would anyone be surprised if millions of players suddenly did this and hacked accounts increased? I highly doubt it, but for some reason everyone and their brother decided to change their login name to an email address they plaster on every other forum and website they visit.

     

    I wonder how many people actually know that places like wowhead and thottbot are owned by gold farming companies and how many people posted their email address or password there? 

     

    I wonder how many people use the same email address and password on websites over the years and then used that same email address as their battlenet login.  I wonder how many of those used the same password for both and didn't connect the dots.

     

     

    Personally, I have been getting about 3 fake Blizzard emails a day for the last few weeks. Up from about 3 per week. All to email accounts that have ZERO wow accounts tied to them. Hackers simply scan message forums for email addresses and then send them a phishing email.

     

    I don't know why anyone is surprised there is a rise of hacked accounts. Tons more phishing emails and countless people just switched their user name to something almost anyone can access. Furthermore, anyone who can hack your email address has total access to your wow account and odds are the user would never even know it. I bet I could guess 10-15% of people's passwords just from the ridiculously easy password hints they chose.

     

     

  • CeridithCeridith Member UncommonPosts: 2,980
    Originally posted by Berikai 
    I can see where you're coming from, but...
    Compare it to having a house built for you and your family.
    A company builds your house (Blizzard)
    You decide to not close the doors and deadbolt (not change to a new free random email)
    A criminal comes in and steals from you (Phishing, keylogger)
    You lose contents of house (your account and/or characters are stripped)
    Do you blame the builder of said house? (Blizzard) or yourself for not installing deadbolts???
    Builder (i.e. Blizzard not at fault) as you could have secured but chose not to...

     

    Sorry but that's not a very good analogy.

    A more accurate one would be that a very cheap lock was installed on the door that could easily be broken, but the construction company neglected to mention that they used a poor quality lock (e-mail address as username). Unless you have some idea of locks, or talked to someone who did (your average user would not), you wouldn't know that it was a poor quality lock and know that you needed to replace it (by using a dummy e-mail address). Even then, you would have to go out of your way to replace the lock on your own because the people who installed the cheap one never gave you an option, when they easily could have given you the choice in the first place (by letting us keep our original and private account names, or pick new unique account names unrelated to e-mail).

    So once again, as much as it is the user's responsibility, it's Blizzard's responsibility to facilitate making it easy for us to ensure our accounts are safe.

    From an IT security perspective, blaming the user doesn't accomplish anything constructive, because there will always be some users that will forget or neglect to do something properly, because they're human. It's the responsibility of IT security to take that into consideration when designing their security, to make sure it's as easy to conform to as possible. Blizzard did not do this.

  • eldron123eldron123 Member Posts: 1

    THE DIFFERENCE HERE IS THAT FOR THE MOST PART YOU DIDN'T NEED TO TYPE YOUR ACCOUNT NAME, SO ANY KEYLOGGER WOULDN'T HAVE SO MUCH CHANCE OF GETTING BOTH. SO BASICALLY IT WAS BETTER THAN YOUR PASSWORD, BUT NOW THEY KNOW IT'S PROBABLY YOUR EMAIL ADDRESS.

  • MardyMardy Member Posts: 2,213
    Originally posted by Daffid011 
    Personally, I have been getting about 3 fake Blizzard emails a day for the last few weeks. Up from about 3 per week. All to email accounts that have ZERO wow accounts tied to them. Hackers simply scan message forums for email addresses and then send them a phishing email.
     
    I don't know why anyone is surprised there is a rise of hacked accounts. Tons more phishing emails and countless people just switched their user name to something almost anyone can access. Furthermore, anyone who can hack your email address has total access to your wow account and odds are the user would never even know it. I bet I could guess 10-15% of people's passwords just from the ridiculously easy password hints they chose.
      

     

    Yup I got phishing scam emails in my paypal email address, but didn't get any from my uniquely created WoW email accounts.  People are getting phished for using their age old email addresses that they use for everything else.  If Blizzard's system was compromised, I would've gotten something in my WoW email account.  But since I don't use these WoW email accounts for anything else, they got absolutely nothing in them, not one spam, not one phishing email.

     

    My paypal account though, funny thing is I never bought gold in WoW, but I did in other games.  But the last time I purchased any gold was 2 years ago in EQ.  So looks like scammers/gold sellers are getting their email database from multiple sources, including other online gold sellers for non-WoW games.

     

    I also got ingame tells from scammers that put random characters for the first line of tell, so the second line starts out with [GM-Blah], making it look like you just got a tell from a GM telling you to login to a site to check on your account.  These scammers are getting really creative these days.  I can totally see people falling for some of their methods because most people still don't know how to safeguard themselves.

    EQ1-AC1-DAOC-FFXI-L2-EQ2-WoW-DDO-GW-LoTR-VG-WAR-GW2-ESO

  • NightCloakNightCloak Member UncommonPosts: 452
    Originally posted by Haegemon


    The big reason why these issues are all user side-
     
    If Blizzard itself was hacked, 2 main things would have happened/made massive public news by now. First, 11 million people's CC/personal info would have been stolen. You'd be seeing a lot more than just "missing gold/gear", you'd be seeing hundreds and thousands of illegal transactions along with identity theft on an epidemic scale. This is also something that on a similar scale must be publicly announced/reported.
     
    Second, a real, working copy of SC2 or D3 would have been leaked onto the torrent sites of the world. Because really, if Blizzard was hacked, and the only thing of worth the hacker took was your gold and gear, and not any of the far, far more valuable information Blizz would have available, that hacker would be one of the most pathetic, unimaginative ponces I'd ever heard of.
     
    In the wonderful, relative world of things, each individual is a mere speck of dust just in the scope of WoW. Say 100,000 accounts were hacked recently, and say roughly 5mil total users not counting China, that's about 2%. Now, what'd really be fun to see are the actual numbers of compromised accounts that they could prove bought gold, got powerleveled, were shared/traded between people and compare that to trojan/phishing/virus attack victims. That should cause some fun times.



     

    Your logic fails and fails hard.

    CC and customer info isn't stored in the same place as your login and authentication information.

    If during the crossover a weakness was exploited then people who either switched accounts or logged in during a certain time frame may have had their login info compromised. Once the login info is compromised, then the people doing this may have found a way to gain access to the accounts while remaining difficult to track.

    Blizzard wouldn't release this information if no PI (personal information) was compromised.

    I'm fairly certain that one aspect of the crossover or authentication server was compromised and caused this. Since I had my account hacked and haven't subbed to the game in over a year. I took advantage of the 10 day Lich King trial and about two weeks after that trial (I had to merge my Bnet acct) I got an email about my acct being banned for gold selling.

  • BerikaiBerikai Member Posts: 162
    Originally posted by Ceridith

    Originally posted by Berikai 
    I can see where you're coming from, but...
    Compare it to having a house built for you and your family.
    A company builds your house (Blizzard)
    You decide to not close the doors and deadbolt (not change to a new free random email)
    A criminal comes in and steals from you (Phishing, keylogger)
    You lose contents of house (your account and/or characters are stripped)
    Do you blame the builder of said house? (Blizzard) or yourself for not installing deadbolts???
    Builder (i.e. Blizzard not at fault) as you could have secured but chose not to...

     

    Sorry but that's not a very good analogy.

    A more accurate one would be that a very cheap lock was installed on the door that could easily be broken, but the construction company neglected to mention that they used a poor quality lock (e-mail address as username). Unless you have some idea of locks, or talked to someone who did (your average user would not), you wouldn't know that it was a poor quality lock and know that you needed to replace it (by using a dummy e-mail address). Even then, you would have to go out of your way to replace the lock on your own because the people who installed the cheap one never gave you an option, when they easily could have given you the choice in the first place (by letting us keep our original and private account names, or pick new unique account names unrelated to e-mail).

    So once again, as much as it is the user's responsibility, it's Blizzard's responsibility to facilitate making it easy for us to ensure our accounts are safe.

    From an IT security perspective, blaming the user doesn't accomplish anything constructive, because there will always be some users that will forget or neglect to do something properly, because they're human. It's the responsibility of IT security to take that into consideration when designing their security, to make sure it's as easy to conform to as possible. Blizzard did not do this.

    I knew when I posted that you would go after my analogy. See some things are just blatantly obvious and don't need over analyzed. My analogy was simple and gets the point across and is accurate. This isn't Blizz's fault, as the end result is up to the user, just like locking the door at home. If the end user doesn't apply a more secure username and password that's on them. Just like you wouldn't go around giving everyone you don't know your phone#, you don't use your commonly used email.

  • NightCloakNightCloak Member UncommonPosts: 452
    Originally posted by Berikai

    Originally posted by Ceridith

    Originally posted by Berikai 
    I can see where you're coming from, but...
    Compare it to having a house built for you and your family.
    A company builds your house (Blizzard)
    You decide to not close the doors and deadbolt (not change to a new free random email)
    A criminal comes in and steals from you (Phishing, keylogger)
    You lose contents of house (your account and/or characters are stripped)
    Do you blame the builder of said house? (Blizzard) or yourself for not installing deadbolts???
    Builder (i.e. Blizzard not at fault) as you could have secured but chose not to...

     

    Sorry but that's not a very good analogy.

    A more accurate one would be that a very cheap lock was installed on the door that could easily be broken, but the construction company neglected to mention that they used a poor quality lock (e-mail address as username). Unless you have some idea of locks, or talked to someone who did (your average user would not), you wouldn't know that it was a poor quality lock and know that you needed to replace it (by using a dummy e-mail address). Even then, you would have to go out of your way to replace the lock on your own because the people who installed the cheap one never gave you an option, when they easily could have given you the choice in the first place (by letting us keep our original and private account names, or pick new unique account names unrelated to e-mail).

    So once again, as much as it is the user's responsibility, it's Blizzard's responsibility to facilitate making it easy for us to ensure our accounts are safe.

    From an IT security perspective, blaming the user doesn't accomplish anything constructive, because there will always be some users that will forget or neglect to do something properly, because they're human. It's the responsibility of IT security to take that into consideration when designing their security, to make sure it's as easy to conform to as possible. Blizzard did not do this.

    I knew when I posted that you would go after my analogy. See some things are just blatantly obvious and don't need over analyzed. My analogy was simple and gets the point across and is accurate. This isn't Blizz's fault, as the end result is up to the user, just like locking the door at home. If the end user doesn't apply a more secure username and password that's on them. Just like you wouldn't go around giving everyone you don't know your phone#, you don't use your commonly used email.

    I don't believe that all of the users are at fault. If I was at fault, then I would not have gotten my account back.

     

    My password also consisted of no dictionary words, contained 2 numbers and was 9 characters long. Not a very easy password to brute force. I sincerely believe there was a weakness in Blizzard's authentication system.

  • CeridithCeridith Member UncommonPosts: 2,980
    Originally posted by Berikai


    I knew when I posted that you would go after my analogy. See some things are just blatantly obvious and don't need over analyzed. My analogy was simple and gets the point across and is accurate. This isn't Blizz's fault, as the end result is up to the user, just like locking the door at home. If the end user doesn't apply a more secure username and password that's on them. Just like you wouldn't go around giving everyone you don't know your phone#, you don't use your commonly used email.

     

    It is as much Blizzard's fault as it is the user's fault.

    Blizzard is a company of professionals. Those employed there who work with their account authentication should understand the intricacies and pitfalls of certain design decisions with regards to account authentication. Most users will not have the knowledge or capacity to understand these concepts, and as such cannot be expected to know when or how to change their behavior, and even fewer will understand the value in doing so when they are told to.

    Those in charge of designing Blizzard's Battlenet authentication system made a choice in how the authentication system works. They decided to change the system in a manner where it required users to have to take an additional step to stay at the same level of security as the old authentication system. As mentioned, most users did not even realize that the change of username to be the email tied to the battlenet account was an increased security risk. In short, Blizzard knowingly decided to make their system less secure.

    Now you can argue as much as you want that users are at fault if they do not close that gap. The problem with that is, it doesn't accomplish anything. Most users don't understand the issues involved, nor can they be expected to understand such technical issues... they're users after all. That is why it is the responsibility of those administrating the authentication system, who should understand the technical details, to ensure that their design of the system is as foolproof as possible, on not only their end, but for users as well.

    Blaming users for not reacting properly to a poor design decision does not accomplish anything. Blaming the administrators for a poor design decision on the other hand, might get them to reevaluate their methods to make things easier for their users in the future.

  • AmatheAmathe Member LegendaryPosts: 7,630

    I keep getting those fake e-mails from hackers. My question is, how did they get my e-mail? I don't share the e-mail I use for my WoW account anywhere. It looks to me like Blizzard's database has been severely compromised.

    EQ1, EQ2, SWG, SWTOR, GW, GW2 CoH, CoV, FFXI, WoW, CO, War,TSW and a slew of free trials and beta tests

  • GavelaydeGavelayde Member Posts: 62

    Yeah... My story is that at times ppl PO'd me on wow... and I'm thinking I struck back at someone that had connections at wow recently and now I'm banned for "advertising third party spam or some such..." from one of my characters on my account... Inquiry was met with inhuman services and "pass the buck" tactics... So I am banned... Thank God! I've had enough.
