Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

WoW Account hacking, exceptionally much?

135

Comments

  • expressoexpresso Member UncommonPosts: 2,218

    The reason some of you got hacked after the bnet switch is simple and still your responsibilty.

    First off becuase you get the BAN email on a friday does not mean you were hacked the day before.

    Hackers could of keylogged your machine a long long time ago, you dont need to download a dodgy mod or open a phishing mail, flash script is good enough ( http://www.wow.com/2008/05/28/new-exploits-target-flash/ ).

    With this keylogger on your machine or the site with the infected flash script open in another tab you decide to go check your hotmail, gmail.. whatever and so you type your email address to login as your cookies have expired.  EMAIL ADDRESS CAPTURED AND MAYBE PASSWORD CAPTURED.  You then just minimise your bowser and boot up WoW, the username is already typed so the key logger aint getting that but you do need to type your password. PASSWORD CAPTURED.

    You now have a hacker with a database of email address and assosiated wow password - useful for phishing emails etc - he will just sit on this information selling it on to other hackers and so on - information is money. 

    Then the Bnet 2.0 change came along, most people would create an account with their primary Email address - hum guess what the hacker now has your WoW login details (EMAIL & WOW PASSWORD).

    It's is only a matter of time that the hacker tests with the information and gains access to your account.

    Thats how easy it is.

  • vi2023lyvi2023ly Member Posts: 56

    I have not been hacked.  My account has been inactive since February and I just checked and it still hasn't been banned.

    But, this has to be something on Blizzard's end.  It just doesn't add up any other way.


    1. Some people get hacked but not many and it's usually obvious as to how

    2. Blizzard makes everyone register on battle.net

    3. Many people (orders of magnitude more people) start getting hacked

    Now, since the battle.net switch I've been receiving lots of phishing emails (one or two a day, sometimes more) but since I'm not subbed I just forward them on to hacks@blizzard.com and forget about it.  This e-mail address is registered with lots of MMO sites so that doesn't prove anything but it's fishy (phishy.. get it.. heh!) 


     


    But this isn't a problem with the end users, it's much to widespread for that and the sudden surge in account hacking that happened with the switch to b.net points the finger squarely at Blizzard.


     


    What's sad for me is I was looking forward to resubbing for Cataclysm but there's no way in hell I'll even consider resubbing until this problem is brought under control.

  • jimmyman99jimmyman99 Member UncommonPosts: 3,221

    Originally posted by vi2023ly

    I have not been hacked.  My account has been inactive since February and I just checked and it still hasn't been banned.

    But, this has to be something on Blizzard's end.  It just doesn't add up any other way.


    1. Some people get hacked but not many and it's usually obvious as to how

    2. Blizzard makes everyone register on battle.net

    3. Many people (orders of magnitude more people) start getting hacked

    Now, since the battle.net switch I've been receiving lots of phishing emails (one or two a day, sometimes more) but since I'm not subbed I just forward them on to hacks@blizzard.com and forget about it.  This e-mail address is registered with lots of MMO sites so that doesn't prove anything but it's fishy (phishy.. get it.. heh!) 


     


    But this isn't a problem with the end users, it's much to widespread for that and the sudden surge in account hacking that happened with the switch to b.net points the finger squarely at Blizzard.


     


    What's sad for me is I was looking forward to resubbing for Cataclysm but there's no way in hell I'll even consider resubbing until this problem is brought under control.

    NO, it points at the hackers. THe reason why the sheer amount of phishing emails and such is because WoW is so popular and because they can't hack Blizzard. You don't see any phishing emails asking to log to a game called Horizons (I know its not called that anymore, just to illustrate the point), because barely anyone plays it. Noone is interested in hijacking a Horizons account. They want to hijack game accounts where they can steal money - WoW is a goldmine for these purposes.

    Many people getting hacked means a lot of people are simply computer illiterate. They do not distinguish between simple things. My father used to get caught for the spoof where a fishy site would present an image of a regular window with a message and an OK button. He could not distinguish that from a genuine Windows message. He kept clicking on it. I had to make him learn about it the hard way (if you move your mouse over the OK button and it looks like a hand pointing a finger upwards, DO NOT CLICK on it).

    I am the type of player where I like to do everything and anything from time to time.
    image
    http://en.wikipedia.org/wiki/Holodomor - pre-WW2 genocide.
    imageimage

  • Astro6Astro6 Member UncommonPosts: 240

    The most common attack vector is social networking websites, facebook,myspace,twitter have had massive security breaches allowing hackers to infect apps thus infecting tens of thousands of users ans popular web games though flash advertisements.

    They also target web advertising they pay 20 bucks put there ad with a web advertising outfit an infect a huge amount of web browsers on popular sites such as newspapers,news,celeb sites,movie and tv sites, online game sites such as curse gaming,allakazam,farmville, mafia wars and list goes on and on.

    Facebook atm is the largest attack vector due to shear numbers of users they are the number one spreaders of fake av's and keyloggers on the net atm if you want to blame someone you can blame facebook security in past year they have had there apps hacked about a dozen times and counting.
     
    Also internet explorer has a security hole atm which hackers are still using to get passwords just from visiting their site using java script they get your email address and passwords , you can blame microsoft for this they were warned it has been around for 2 years now.
     
    Best security when browsing the web:
    Firefox current version, with noscript, adblock plus,WOT,betterprivacy.

  • Daffid011Daffid011 Member UncommonPosts: 7,945

    Originally posted by vi2023ly

    I have not been hacked.  My account has been inactive since February and I just checked and it still hasn't been banned.

    But, this has to be something on Blizzard's end.  It just doesn't add up any other way.


    1. Some people get hacked but not many and it's usually obvious as to how

    2. Blizzard makes everyone register on battle.net

    3. Many people (orders of magnitude more people) start getting hacked

    Now, since the battle.net switch I've been receiving lots of phishing emails (one or two a day, sometimes more) but since I'm not subbed I just forward them on to hacks@blizzard.com and forget about it.  This e-mail address is registered with lots of MMO sites so that doesn't prove anything but it's fishy (phishy.. get it.. heh!) 


     


    But this isn't a problem with the end users, it's much to widespread for that and the sudden surge in account hacking that happened with the switch to b.net points the finger squarely at Blizzard.


     


    What's sad for me is I was looking forward to resubbing for Cataclysm but there's no way in hell I'll even consider resubbing until this problem is brought under control.

    1) Many people were already getting hacked prior to the battle.net change.  Blizzard created the authenticator program a year and a half before the battle.net change.  Hacked accounts were already out of control

    2) Changing login names to email addresses did not help the situation and I think was a dumb idea. 

    3) More people getting hacked after the change, sure.  Just think about how many players changed their login names to an email address that they have posted and registered all over the internet.  I bet you anything that millions of people just exposed 1/2 of their login information.  On top of that I bet you a good portion of those people stupidly use the same password for their wow account or email account which would allow hackers full control over their accounts.

     

    It isn't really hard to see why hacking is on the rise.   Far more phishing emails floating around and untold amounts of players just exposed 1/2 of their login information and a backdoor to their account management should their email account be compromised.

    Sorry, but all of that points squarely at the user. 

  • cscurlockcscurlock Member Posts: 38

    Ill say what I said in another thread.  If you get hacked and don't have an authenticator I have 0 sympathy for you.  Its the price of a happy meal.  Get it and stop complaining.

  • NeblessNebless Member UncommonPosts: 1,267

    I'm at the point where I look forward to my weekly phishing emails.  It started with just a warning I might have been hacked, then moved to my faction being changed and is now up to freezing my account because it's being sold on the internet.

    Quite amazing when you figure I've never had a single thing to do with WoW or Blizzard EVER.

    SWG (pre-cu) - AoC (pre-f2p) - PotBS (pre-boarder) - DDO - LotRO (pre-f2p) - STO - GnH (beta tester) - SWToR - Neverwinter

  • jimmyman99jimmyman99 Member UncommonPosts: 3,221

    Originally posted by Nebless

    I'm at the point where I look forward to my weekly phishing emails.  It started with just a warning I might have been hacked, then moved to my faction being changed and is now up to freezing my account because it's being sold on the internet.

    Quite amazing when you figure I've never had a single thing to do with WoW or Blizzard EVER.

    Exactly! They simply scanned your email somewhere... whether here, on another forum/website/pornsite/signature/etc.

    Also, people, make sure your forum name is NOT part of your email address. If I were a WoW hacker, id send a few emails to Nebless at: nebless@yahoo.com, nebless@yahoo.ca, nebless@hotmail.com, nebless@gmail.com, nebless@sprint.com, nebless@rogers.ca and maybe a few more from the major providers... i bet one or two emails are valid and will not return back to me.

     

    PS: sorry Nebless if one of those emails is actually yours... If thats the case, you should change it.

     

    EDIT: made my post more readable

    I am the type of player where I like to do everything and anything from time to time.
    image
    http://en.wikipedia.org/wiki/Holodomor - pre-WW2 genocide.
    imageimage

  • CeridithCeridith Member UncommonPosts: 2,980

    Originally posted by jimmyman99

    Originally posted by vi2023ly

    I have not been hacked.  My account has been inactive since February and I just checked and it still hasn't been banned.

    But, this has to be something on Blizzard's end.  It just doesn't add up any other way.


    1. Some people get hacked but not many and it's usually obvious as to how

    2. Blizzard makes everyone register on battle.net

    3. Many people (orders of magnitude more people) start getting hacked

    Now, since the battle.net switch I've been receiving lots of phishing emails (one or two a day, sometimes more) but since I'm not subbed I just forward them on to hacks@blizzard.com and forget about it.  This e-mail address is registered with lots of MMO sites so that doesn't prove anything but it's fishy (phishy.. get it.. heh!) 


     


    But this isn't a problem with the end users, it's much to widespread for that and the sudden surge in account hacking that happened with the switch to b.net points the finger squarely at Blizzard.


     


    What's sad for me is I was looking forward to resubbing for Cataclysm but there's no way in hell I'll even consider resubbing until this problem is brought under control.

    NO, it points at the hackers. THe reason why the sheer amount of phishing emails and such is because WoW is so popular and because they can't hack Blizzard. You don't see any phishing emails asking to log to a game called Horizons (I know its not called that anymore, just to illustrate the point), because barely anyone plays it. Noone is interested in hijacking a Horizons account. They want to hijack game accounts where they can steal money - WoW is a goldmine for these purposes.

    Many people getting hacked means a lot of people are simply computer illiterate. They do not distinguish between simple things. My father used to get caught for the spoof where a fishy site would present an image of a regular window with a message and an OK button. He could not distinguish that from a genuine Windows message. He kept clicking on it. I had to make him learn about it the hard way (if you move your mouse over the OK button and it looks like a hand pointing a finger upwards, DO NOT CLICK on it).

    Phishing is not the leading cause of breached accounts.

    It's via browers (mostly IE) and flash vulnerabilities to infect keyloggers or steal client data (stored browser passwords, etc) from the browser, made all the more easier for the fact that usernames are as simple as finding what e-mail address a person is, or has, used.

    It's not as simple as labeling victims of breached accounts as being ignorant, when there are so many security flaws that are out of the control of users, aside of course, from completely unplugging their PC from their modem. Sure there are things that can be done to mitigate some of the issues, but if a hacker discovers a new major windows or Flash exploit, there's little a user can even do to protect against it until the vulnerability is even detected and fixed by the proper authorities.

  • Astro6Astro6 Member UncommonPosts: 240

    Originally posted by Ceridith

    Originally posted by jimmyman99


    Originally posted by vi2023ly

    I have not been hacked.  My account has been inactive since February and I just checked and it still hasn't been banned.

    But, this has to be something on Blizzard's end.  It just doesn't add up any other way.


    1. Some people get hacked but not many and it's usually obvious as to how

    2. Blizzard makes everyone register on battle.net

    3. Many people (orders of magnitude more people) start getting hacked

    Now, since the battle.net switch I've been receiving lots of phishing emails (one or two a day, sometimes more) but since I'm not subbed I just forward them on to hacks@blizzard.com and forget about it.  This e-mail address is registered with lots of MMO sites so that doesn't prove anything but it's fishy (phishy.. get it.. heh!) 


     


    But this isn't a problem with the end users, it's much to widespread for that and the sudden surge in account hacking that happened with the switch to b.net points the finger squarely at Blizzard.


     


    What's sad for me is I was looking forward to resubbing for Cataclysm but there's no way in hell I'll even consider resubbing until this problem is brought under control.

    NO, it points at the hackers. THe reason why the sheer amount of phishing emails and such is because WoW is so popular and because they can't hack Blizzard. You don't see any phishing emails asking to log to a game called Horizons (I know its not called that anymore, just to illustrate the point), because barely anyone plays it. Noone is interested in hijacking a Horizons account. They want to hijack game accounts where they can steal money - WoW is a goldmine for these purposes.

    Many people getting hacked means a lot of people are simply computer illiterate. They do not distinguish between simple things. My father used to get caught for the spoof where a fishy site would present an image of a regular window with a message and an OK button. He could not distinguish that from a genuine Windows message. He kept clicking on it. I had to make him learn about it the hard way (if you move your mouse over the OK button and it looks like a hand pointing a finger upwards, DO NOT CLICK on it).

    Phishing is not the leading cause of breached accounts.

    It's via browers (mostly IE) and flash vulnerabilities to infect keyloggers or steal client data (stored browser passwords, etc) from the browser, made all the more easier for the fact that usernames are as simple as finding what e-mail address a person is, or has, used.

    It's not as simple as labeling victims of breached accounts as being ignorant, when there are so many security flaws that are out of the control of users, aside of course, from completely unplugging their PC from their modem. Sure there are things that can be done to mitigate some of the issues, but if a hacker discovers a new major windows or Flash exploit, there's little a user can even do to protect against it until the vulnerability is even detected and fixed by the proper authorities.

    Do not forget home routers and routers in general they have a HUGE security hole that can be taken advantage of by using a war dialing (internet ip addresses)  and webpages hacking routers to reroute your dns to allow man in the middle attack this attack will even steal authenticator codes.

    http://tech.blorge.com/Structure:%20/2010/07/14/millions-of-routers-may-be-at-risk-for-a-simple-hack/

    Dlink has been one of the safer routers and will be even more safe using DNSSEC, CAPTCHA, and IPv6 certification.

    You should check for new firmware for your router and update.

    DNSSEC was revealed last month by the Internet Corporation for Assigned Names and Numbers (ICANN) during Black Hat 2010. The system was designed to beef up Internet security by virtually stamping email and web pages so that its authenticity can be verified. This will ultimately prevent "spoofer" attacks designed to use legitimate-looking emails and web sites to lure consumers to malware.

    As for CAPTCHA, D-Link integrated the technology in mid-2009. It's a challenge-response test that verifies that a response during a user logon is actually a human and not computer-generated. Users confirm their organic origins by entering a small amount of text displayed in an image to help prevent automated registration and fraud.

  • RydesonRydeson Member UncommonPosts: 3,852

    Originally posted by Ceridith

    Originally posted by jimmyman99


    Originally posted by vi2023ly

    I have not been hacked.  My account has been inactive since February and I just checked and it still hasn't been banned.

    But, this has to be something on Blizzard's end.  It just doesn't add up any other way.


    1. Some people get hacked but not many and it's usually obvious as to how

    2. Blizzard makes everyone register on battle.net

    3. Many people (orders of magnitude more people) start getting hacked

    Now, since the battle.net switch I've been receiving lots of phishing emails (one or two a day, sometimes more) but since I'm not subbed I just forward them on to hacks@blizzard.com and forget about it.  This e-mail address is registered with lots of MMO sites so that doesn't prove anything but it's fishy (phishy.. get it.. heh!) 


     


    But this isn't a problem with the end users, it's much to widespread for that and the sudden surge in account hacking that happened with the switch to b.net points the finger squarely at Blizzard.


     


    What's sad for me is I was looking forward to resubbing for Cataclysm but there's no way in hell I'll even consider resubbing until this problem is brought under control.

    NO, it points at the hackers. THe reason why the sheer amount of phishing emails and such is because WoW is so popular and because they can't hack Blizzard. You don't see any phishing emails asking to log to a game called Horizons (I know its not called that anymore, just to illustrate the point), because barely anyone plays it. Noone is interested in hijacking a Horizons account. They want to hijack game accounts where they can steal money - WoW is a goldmine for these purposes.

    Many people getting hacked means a lot of people are simply computer illiterate. They do not distinguish between simple things. My father used to get caught for the spoof where a fishy site would present an image of a regular window with a message and an OK button. He could not distinguish that from a genuine Windows message. He kept clicking on it. I had to make him learn about it the hard way (if you move your mouse over the OK button and it looks like a hand pointing a finger upwards, DO NOT CLICK on it).

    Phishing is not the leading cause of breached accounts.

    It's via browers (mostly IE) and flash vulnerabilities to infect keyloggers or steal client data (stored browser passwords, etc) from the browser, made all the more easier for the fact that usernames are as simple as finding what e-mail address a person is, or has, used.

    It's not as simple as labeling victims of breached accounts as being ignorant, when there are so many security flaws that are out of the control of users, aside of course, from completely unplugging their PC from their modem. Sure there are things that can be done to mitigate some of the issues, but if a hacker discovers a new major windows or Flash exploit, there's little a user can even do to protect against it until the vulnerability is even detected and fixed by the proper authorities.

    EXACTLY.. You can not protect your account against "new" hacks..  Again as I have said before.. Why doesn't Blizzard take away a hacks "market" instead of feeding it with a poor player economy.. Hacks don't hack to sell gold to people to pay for repair cost.. Blizzard designed a SHITTY player economy that attracts gold sellers and hackers..  Take away their incentive, and the hacks go away.. 

  • Daffid011Daffid011 Member UncommonPosts: 7,945

    Every game that has an economy attracts hackers and gold sellers.  The problem isn't an in game economy, it is players wanting to cheat and short cuy gameplay.  That is always going to be a problem for popular mmos if they use currency that has any use. 

     

    What mmo companies need to do is put fear into end users for buying currency.  As long as players don't have anything to lose for dealing with gold sellers they will continue to do so.  By this I mean a sense of fear the playerbase as a whole feels.  Not some isolated cases where some people get banned, but very highly publicized situations that get the message across to everyone that they are at risk for buying currency.

  • jimmyman99jimmyman99 Member UncommonPosts: 3,221

    Originally posted by Astro6

    Originally posted by Ceridith


    Originally posted by jimmyman99


    Originally posted by vi2023ly

    I have not been hacked.  My account has been inactive since February and I just checked and it still hasn't been banned.

    But, this has to be something on Blizzard's end.  It just doesn't add up any other way.


    1. Some people get hacked but not many and it's usually obvious as to how

    2. Blizzard makes everyone register on battle.net

    3. Many people (orders of magnitude more people) start getting hacked

    Now, since the battle.net switch I've been receiving lots of phishing emails (one or two a day, sometimes more) but since I'm not subbed I just forward them on to hacks@blizzard.com and forget about it.  This e-mail address is registered with lots of MMO sites so that doesn't prove anything but it's fishy (phishy.. get it.. heh!) 


     


    But this isn't a problem with the end users, it's much to widespread for that and the sudden surge in account hacking that happened with the switch to b.net points the finger squarely at Blizzard.


     


    What's sad for me is I was looking forward to resubbing for Cataclysm but there's no way in hell I'll even consider resubbing until this problem is brought under control.

    NO, it points at the hackers. THe reason why the sheer amount of phishing emails and such is because WoW is so popular and because they can't hack Blizzard. You don't see any phishing emails asking to log to a game called Horizons (I know its not called that anymore, just to illustrate the point), because barely anyone plays it. Noone is interested in hijacking a Horizons account. They want to hijack game accounts where they can steal money - WoW is a goldmine for these purposes.

    Many people getting hacked means a lot of people are simply computer illiterate. They do not distinguish between simple things. My father used to get caught for the spoof where a fishy site would present an image of a regular window with a message and an OK button. He could not distinguish that from a genuine Windows message. He kept clicking on it. I had to make him learn about it the hard way (if you move your mouse over the OK button and it looks like a hand pointing a finger upwards, DO NOT CLICK on it).

    Phishing is not the leading cause of breached accounts.

    It's via browers (mostly IE) and flash vulnerabilities to infect keyloggers or steal client data (stored browser passwords, etc) from the browser, made all the more easier for the fact that usernames are as simple as finding what e-mail address a person is, or has, used.

    It's not as simple as labeling victims of breached accounts as being ignorant, when there are so many security flaws that are out of the control of users, aside of course, from completely unplugging their PC from their modem. Sure there are things that can be done to mitigate some of the issues, but if a hacker discovers a new major windows or Flash exploit, there's little a user can even do to protect against it until the vulnerability is even detected and fixed by the proper authorities.

    Do not forget home routers and routers in general they have a HUGE security hole that can be taken advantage of by using a war dialing (internet ip addresses)  and webpages hacking routers to reroute your dns to allow man in the middle attack this attack will even steal authenticator codes.

    http://tech.blorge.com/Structure:%20/2010/07/14/millions-of-routers-may-be-at-risk-for-a-simple-hack/

    Dlink has been one of the safer routers and will be even more safe using DNSSEC, CAPTCHA, and IPv6 certification.

    You should check for new firmware for your router and update.

    DNSSEC was revealed last month by the Internet Corporation for Assigned Names and Numbers (ICANN) during Black Hat 2010. The system was designed to beef up Internet security by virtually stamping email and web pages so that its authenticity can be verified. This will ultimately prevent "spoofer" attacks designed to use legitimate-looking emails and web sites to lure consumers to malware.

    As for CAPTCHA, D-Link integrated the technology in mid-2009. It's a challenge-response test that verifies that a response during a user logon is actually a human and not computer-generated. Users confirm their organic origins by entering a small amount of text displayed in an image to help prevent automated registration and fraud.

    From that link... "Most routers that are vulnerable are only at risk if they are running older versions of firmware, and aren’t using a password to protect themselves, or even just the default passwords"  - that made me LOL.

    I am the type of player where I like to do everything and anything from time to time.
    image
    http://en.wikipedia.org/wiki/Holodomor - pre-WW2 genocide.
    imageimage

  • jimmyman99jimmyman99 Member UncommonPosts: 3,221

    Originally posted by Ceridith

    Originally posted by jimmyman99


    Originally posted by vi2023ly

    I have not been hacked.  My account has been inactive since February and I just checked and it still hasn't been banned.

    But, this has to be something on Blizzard's end.  It just doesn't add up any other way.


    1. Some people get hacked but not many and it's usually obvious as to how

    2. Blizzard makes everyone register on battle.net

    3. Many people (orders of magnitude more people) start getting hacked

    Now, since the battle.net switch I've been receiving lots of phishing emails (one or two a day, sometimes more) but since I'm not subbed I just forward them on to hacks@blizzard.com and forget about it.  This e-mail address is registered with lots of MMO sites so that doesn't prove anything but it's fishy (phishy.. get it.. heh!) 


     


    But this isn't a problem with the end users, it's much to widespread for that and the sudden surge in account hacking that happened with the switch to b.net points the finger squarely at Blizzard.


     


    What's sad for me is I was looking forward to resubbing for Cataclysm but there's no way in hell I'll even consider resubbing until this problem is brought under control.

    NO, it points at the hackers. THe reason why the sheer amount of phishing emails and such is because WoW is so popular and because they can't hack Blizzard. You don't see any phishing emails asking to log to a game called Horizons (I know its not called that anymore, just to illustrate the point), because barely anyone plays it. Noone is interested in hijacking a Horizons account. They want to hijack game accounts where they can steal money - WoW is a goldmine for these purposes.

    Many people getting hacked means a lot of people are simply computer illiterate. They do not distinguish between simple things. My father used to get caught for the spoof where a fishy site would present an image of a regular window with a message and an OK button. He could not distinguish that from a genuine Windows message. He kept clicking on it. I had to make him learn about it the hard way (if you move your mouse over the OK button and it looks like a hand pointing a finger upwards, DO NOT CLICK on it).

    Phishing is not the leading cause of breached accounts.

    It's via browers (mostly IE) and flash vulnerabilities to infect keyloggers or steal client data (stored browser passwords, etc) from the browser, made all the more easier for the fact that usernames are as simple as finding what e-mail address a person is, or has, used.

    It's not as simple as labeling victims of breached accounts as being ignorant, when there are so many security flaws that are out of the control of users, aside of course, from completely unplugging their PC from their modem. Sure there are things that can be done to mitigate some of the issues, but if a hacker discovers a new major windows or Flash exploit, there's little a user can even do to protect against it until the vulnerability is even detected and fixed by the proper authorities.

    How would a person get to the hacker's website in the first place? Flash vulnerability does not let you get hacked unless... again, you are browsing a hacker's website. If you stay away from those sites, you are fine. And you can't get to the hacker's sites unless:

    - you got a phishing email and u followed the link (read my previous post);

    - you were looking for hacks;

    - you were looking for powerleveling services;

    - you were looking for gold selling services;

    - you were looking for bad porn (there are so many normal porn sites, that finding hacker's website by searching for normal porn is highly improbable);

    So no, you can't just get hacked, it takes effort to get hacked. If you have average computer literacy you will easily identify 90-95% of the spoofs and never get hacked. Router vulnerabilities, browser vulnerabilities, all of that is offset by decent firewall and average brains. Its all about the user.

    I am the type of player where I like to do everything and anything from time to time.
    image
    http://en.wikipedia.org/wiki/Holodomor - pre-WW2 genocide.
    imageimage

  • rwmillerrwmiller Member Posts: 472

    Does it happen? Yes.

    Is it that common? No.

    Most of the hype is around a few people that seem to enjoy fanning the flames of the problem. Without a doubt people are getting phished and scammed but the number of real hacks where people use brute force attacks against an account to gain access are miniscule and a wasted effort against anyone that has used a reasonable password and/or the authenticator. Plus Blizzard has systems in place to detect and prevent that sort of attack.

    Use the advice that Blizzard and others have given out and use some common sense and nothing will happen to your account but unfortunately too many people are having fun pointing fingers and causing hysteria for these posts to stop any time soon.

  • sloebersloeber Member UncommonPosts: 504

    loads of nOObs think they gonna onw wow if they would just have enough money in their bank.......there you go.

    All them stupid kids (and prolly some crazy adult peeps too) who think "hey lets do this fast so i can buy some uber gear and go endgame".......they buy some wow money and then they come whining that there account has been hacked.

    just note this.......i never in my life bought wow gold and never has my account been in any danger (oh yeah....my account is 5 years old :p)

    Why do these money sellers keep trying???? because LOTS of losers are stil buying wow gold.....your own damn fault......dont whine about gold sellers......just dont buy gold from them and they will stop on their own cause it makes them no more money.

    its realy that simple........oh btw......nobody in the real life cares that you PWN in wow so you are only "uber" when it comes to one video game......i am not uber but pretty good irl and thats harder then any video game :p

    sloeber out :)

  • TruethTrueth Member Posts: 287

     

    "About my own experiences: since the last month or two I've been getting mails about WoW that look official, but when you see the link that's added and check the email address it's coming from they're both phoney, not from Blizzard itself. So I never clicked the link."

     

     

    I don't even play WOW, but I also have been getting spammed to hell over the last few weeks with fake AND real Blizzard e-mails. It's wierd and annoying.

  • SuprGamerXSuprGamerX Member Posts: 531

       I've got friends who buy gold but only for F2P MMO's since the ratio of gold for real life money gets you more then if bought the stuff off the item mall.

      From a P2P point of view it's abit tricky , because when you buy gold from a website , they're able to track your account name and therefor once they a hold of your account name they just run their Password programs for hours until they get a lock on your password and then hack your account to 0.   Remember that a P2P account is worth WAY MORE then a F2P account regardless of the P2P title. So for gold sellers its way more profitable to hack a P2P account when they can , and trust me nothing will stop them to eventually hack any accounts that buys gold off of them. And trust me when I say they don't give a s""t if you have put your lifesavings on a MMO.  You buy gold off of them , your at very high risk.  And Blizzard as of any company will investigate on why your account has been hacked which can take a while. And they can back track any IP address to any accounts around the globe to see if in fact you bought gold off a website , and if that's the case you'll probably get banned. But if your legit , they'll give back your account with all gear and gold.  A hacked account is like a crime scene , there's always a reason for why a account got hacked. In my 18 years of playing MMO's ,and I played a crap load of them, I never got hacked

      Main reason to never ever give out your account name. But then again if your foolish enough to buy gold on a P2P MMO then it's your problem , because getting hacked without buying gold is pretty much impossible unless you give out your account name for millions to see.  Those that do get hacked deny of anything and they are the most legit of players.  Unless your account name is bob123 with PW: Ipwn   it is very unlikely for anyone to get hacked.

      With that said , I'm currently starting to play wow again after a few years to get back into the Blizzard beat until D3 comes out.

    Enjoy your gameing experiences everyone!

  • AethaerynAethaeryn Member RarePosts: 3,034

    Why would you give a gold seller your account name anyway. . all they need is your character.   The problem is that Bliz/Battlenes started using e-mail addresses instead of account names.  With so many people playing they are bound to just run hotmail e-mails on gaming forums etc. and get lucky with brute force or dictionairy methods.

    Wa min God! Se æx on min heafod is!

  • CeridithCeridith Member UncommonPosts: 2,980

    Originally posted by jimmyman99

    Originally posted by Ceridith


    Originally posted by jimmyman99


    Originally posted by vi2023ly

    I have not been hacked.  My account has been inactive since February and I just checked and it still hasn't been banned.

    But, this has to be something on Blizzard's end.  It just doesn't add up any other way.


    1. Some people get hacked but not many and it's usually obvious as to how

    2. Blizzard makes everyone register on battle.net

    3. Many people (orders of magnitude more people) start getting hacked

    Now, since the battle.net switch I've been receiving lots of phishing emails (one or two a day, sometimes more) but since I'm not subbed I just forward them on to hacks@blizzard.com and forget about it.  This e-mail address is registered with lots of MMO sites so that doesn't prove anything but it's fishy (phishy.. get it.. heh!) 


     


    But this isn't a problem with the end users, it's much to widespread for that and the sudden surge in account hacking that happened with the switch to b.net points the finger squarely at Blizzard.


     


    What's sad for me is I was looking forward to resubbing for Cataclysm but there's no way in hell I'll even consider resubbing until this problem is brought under control.

    NO, it points at the hackers. THe reason why the sheer amount of phishing emails and such is because WoW is so popular and because they can't hack Blizzard. You don't see any phishing emails asking to log to a game called Horizons (I know its not called that anymore, just to illustrate the point), because barely anyone plays it. Noone is interested in hijacking a Horizons account. They want to hijack game accounts where they can steal money - WoW is a goldmine for these purposes.

    Many people getting hacked means a lot of people are simply computer illiterate. They do not distinguish between simple things. My father used to get caught for the spoof where a fishy site would present an image of a regular window with a message and an OK button. He could not distinguish that from a genuine Windows message. He kept clicking on it. I had to make him learn about it the hard way (if you move your mouse over the OK button and it looks like a hand pointing a finger upwards, DO NOT CLICK on it).

    Phishing is not the leading cause of breached accounts.

    It's via browers (mostly IE) and flash vulnerabilities to infect keyloggers or steal client data (stored browser passwords, etc) from the browser, made all the more easier for the fact that usernames are as simple as finding what e-mail address a person is, or has, used.

    It's not as simple as labeling victims of breached accounts as being ignorant, when there are so many security flaws that are out of the control of users, aside of course, from completely unplugging their PC from their modem. Sure there are things that can be done to mitigate some of the issues, but if a hacker discovers a new major windows or Flash exploit, there's little a user can even do to protect against it until the vulnerability is even detected and fixed by the proper authorities.

    How would a person get to the hacker's website in the first place? Flash vulnerability does not let you get hacked unless... again, you are browsing a hacker's website. If you stay away from those sites, you are fine. And you can't get to the hacker's sites unless:

    - you got a phishing email and u followed the link (read my previous post);

    - you were looking for hacks;

    - you were looking for powerleveling services;

    - you were looking for gold selling services;

    - you were looking for bad porn (there are so many normal porn sites, that finding hacker's website by searching for normal porn is highly improbable);

    So no, you can't just get hacked, it takes effort to get hacked. If you have average computer literacy you will easily identify 90-95% of the spoofs and never get hacked. Router vulnerabilities, browser vulnerabilities, all of that is offset by decent firewall and average brains. Its all about the user.

    Banner ads from third party Web advertisement companies.

    The "hackers" can submit their infected "advertisements" to web advertising companies, who then proliferate them into the ad rotation of WoW related websites that have banner ads for supplemented revenue.

    The vast majority of web advertising companies do not properly screen ads that they put into the advertising rotation. They will only act on removing certain ads that are identified as being security risks, and this is usually after they've been out in the wild and infected a number of people already to be noticed, and after the advertising company can confirm they're malicious.

    So basically, any website with third party banner ads is a potential avenue of becoming infected by malicious software...

    This includes sites like Wowhead, Thottbot, Curse gaming, even the WoW forums themselves have had the potential to be a point of infection -- they've inadvertantly had gold selling adverts pop up on the official WoW forums before. All are legitimate websites that a typical WoW player would visit, for legitimate reasons.

    So no, it's not purely the fault of users, because there is a decent portion of it outside of the control of the users. Users can only mitigate the chance of having their account breached, they cannot completely and 100% secure themselves.

    And for someone so adament about blaming victims for their ignorance and needing to become more informed about IT security... you certainly could use some brushing up on it yourself.

  • Astro6Astro6 Member UncommonPosts: 240

    Reports are flooding in sites with ads that are infecting users again on over 60 popular websites using as many as 68 script exploits in the ads everything from facebook,myspace,piratebay,file sharing sites,tv and movie sites,music sites, news sites, mmo sites and more sites that were at one time considered safe.

    I used a virtual machine test machine and browsed all these sites my software which tracks changes to my system showed dozens of infections off of these rogue ads, from fake av to rootkits with keyloggers i traced these because of the large increase in my customers get hacked in WoW and traced it to game ads on facebook.

    The malicious software in question are hosted on 3 domains; savelocity.com, seekerfeed.com, and xoads.com, with another 6 reported as distribution intermediaries including parkneed.com, yieldmanager.com and zxxds.net.

  • Daffid011Daffid011 Member UncommonPosts: 7,945

    Originally posted by Ceridith

    This includes sites like Wowhead, Thottbot, Curse gaming, even the WoW forums themselves have had the potential to be a point of infection -- they've inadvertantly had gold selling adverts pop up on the official WoW forums before. All are legitimate websites that a typical WoW player would visit, for legitimate reasons.

    The sites I highlighted in orange (including mmo-champion and allazhazam) are actually owned by a subsidiary of IGE.  The worlds largest gold seller.   Just imagine the database of information they have access to.

     

     

  • jimmyman99jimmyman99 Member UncommonPosts: 3,221

    Originally posted by Trueth

     

    "About my own experiences: since the last month or two I've been getting mails about WoW that look official, but when you see the link that's added and check the email address it's coming from they're both phoney, not from Blizzard itself. So I never clicked the link."

     

     

    I don't even play WOW, but I also have been getting spammed to hell over the last few weeks with fake AND real Blizzard e-mails. It's wierd and annoying.

    Blizzard does not spam. I played WoW since release, and i got like 10-20 emails from Bliz in total.

    I am the type of player where I like to do everything and anything from time to time.
    image
    http://en.wikipedia.org/wiki/Holodomor - pre-WW2 genocide.
    imageimage

  • jimmyman99jimmyman99 Member UncommonPosts: 3,221

    Originally posted by Ceridith

    Originally posted by jimmyman99


    Originally posted by Ceridith


    Originally posted by jimmyman99


    Originally posted by vi2023ly

    I have not been hacked.  My account has been inactive since February and I just checked and it still hasn't been banned.

    But, this has to be something on Blizzard's end.  It just doesn't add up any other way.


    1. Some people get hacked but not many and it's usually obvious as to how

    2. Blizzard makes everyone register on battle.net

    3. Many people (orders of magnitude more people) start getting hacked

    Now, since the battle.net switch I've been receiving lots of phishing emails (one or two a day, sometimes more) but since I'm not subbed I just forward them on to hacks@blizzard.com and forget about it.  This e-mail address is registered with lots of MMO sites so that doesn't prove anything but it's fishy (phishy.. get it.. heh!) 


     


    But this isn't a problem with the end users, it's much to widespread for that and the sudden surge in account hacking that happened with the switch to b.net points the finger squarely at Blizzard.


     


    What's sad for me is I was looking forward to resubbing for Cataclysm but there's no way in hell I'll even consider resubbing until this problem is brought under control.

    NO, it points at the hackers. THe reason why the sheer amount of phishing emails and such is because WoW is so popular and because they can't hack Blizzard. You don't see any phishing emails asking to log to a game called Horizons (I know its not called that anymore, just to illustrate the point), because barely anyone plays it. Noone is interested in hijacking a Horizons account. They want to hijack game accounts where they can steal money - WoW is a goldmine for these purposes.

    Many people getting hacked means a lot of people are simply computer illiterate. They do not distinguish between simple things. My father used to get caught for the spoof where a fishy site would present an image of a regular window with a message and an OK button. He could not distinguish that from a genuine Windows message. He kept clicking on it. I had to make him learn about it the hard way (if you move your mouse over the OK button and it looks like a hand pointing a finger upwards, DO NOT CLICK on it).

    Phishing is not the leading cause of breached accounts.

    It's via browers (mostly IE) and flash vulnerabilities to infect keyloggers or steal client data (stored browser passwords, etc) from the browser, made all the more easier for the fact that usernames are as simple as finding what e-mail address a person is, or has, used.

    It's not as simple as labeling victims of breached accounts as being ignorant, when there are so many security flaws that are out of the control of users, aside of course, from completely unplugging their PC from their modem. Sure there are things that can be done to mitigate some of the issues, but if a hacker discovers a new major windows or Flash exploit, there's little a user can even do to protect against it until the vulnerability is even detected and fixed by the proper authorities.

    How would a person get to the hacker's website in the first place? Flash vulnerability does not let you get hacked unless... again, you are browsing a hacker's website. If you stay away from those sites, you are fine. And you can't get to the hacker's sites unless:

    - you got a phishing email and u followed the link (read my previous post);

    - you were looking for hacks;

    - you were looking for powerleveling services;

    - you were looking for gold selling services;

    - you were looking for bad porn (there are so many normal porn sites, that finding hacker's website by searching for normal porn is highly improbable);

    So no, you can't just get hacked, it takes effort to get hacked. If you have average computer literacy you will easily identify 90-95% of the spoofs and never get hacked. Router vulnerabilities, browser vulnerabilities, all of that is offset by decent firewall and average brains. Its all about the user.

    Banner ads from third party Web advertisement companies.

    The "hackers" can submit their infected "advertisements" to web advertising companies, who then proliferate them into the ad rotation of WoW related websites that have banner ads for supplemented revenue.

    The vast majority of web advertising companies do not properly screen ads that they put into the advertising rotation. They will only act on removing certain ads that are identified as being security risks, and this is usually after they've been out in the wild and infected a number of people already to be noticed, and after the advertising company can confirm they're malicious.

    So basically, any website with third party banner ads is a potential avenue of becoming infected by malicious software...

    This includes sites like Wowhead, Thottbot, Curse gaming, even the WoW forums themselves have had the potential to be a point of infection -- they've inadvertantly had gold selling adverts pop up on the official WoW forums before. All are legitimate websites that a typical WoW player would visit, for legitimate reasons.

    So no, it's not purely the fault of users, because there is a decent portion of it outside of the control of the users. Users can only mitigate the chance of having their account breached, they cannot completely and 100% secure themselves.

    And for someone so adament about blaming victims for their ignorance and needing to become more informed about IT security... you certainly could use some brushing up on it yourself.

    You are stretching it buddy... now you are saying hackers are PAYING to hack other accounts... they expose themselves to be backtraced to their account and real identities... hmmm... not likely. And what does that mean i need to brush up on security? did you hack me? did you get through my hardware firewall? and then software firewall? oh my, i need to check my open ports (none) for established connections (firefox, winamp open, avast just closed a socket)... mmmm. Nah, my security is just fine, thanks for your concern. But keep bashing please, I wonder how many more crazy ideas you come up with.

    I am the type of player where I like to do everything and anything from time to time.
    image
    http://en.wikipedia.org/wiki/Holodomor - pre-WW2 genocide.
    imageimage

  • Astro6Astro6 Member UncommonPosts: 240

     






    Originally posted by jimmyman99





    Originally posted by Ceridith






    Originally posted by jimmyman99






    Originally posted by Ceridith






    Originally posted by jimmyman99






    Originally posted by vi2023ly



    I have not been hacked.  My account has been inactive since February and I just checked and it still hasn't been banned.

    But, this has to be something on Blizzard's end.  It just doesn't add up any other way.



    [*]

    Some people get hacked but not many and it's usually obvious as to how

    [*]

    Blizzard makes everyone register on battle.net



    Many people (orders of magnitude more people) start getting hacked





    Now, since the battle.net switch I've been receiving lots of phishing emails (one or two a day, sometimes more) but since I'm not subbed I just forward them on to hacks@blizzard.com and forget about it.  This e-mail address is registered with lots of MMO sites so that doesn't prove anything but it's fishy (phishy.. get it.. heh!) 



     



    But this isn't a problem with the end users, it's much to widespread for that and the sudden surge in account hacking that happened with the switch to b.net points the finger squarely at Blizzard.



     



    What's sad for me is I was looking forward to resubbing for Cataclysm but there's no way in hell I'll even consider resubbing until this problem is brought under control.





    NO, it points at the hackers. THe reason why the sheer amount of phishing emails and such is because WoW is so popular and because they can't hack Blizzard. You don't see any phishing emails asking to log to a game called Horizons (I know its not called that anymore, just to illustrate the point), because barely anyone plays it. Noone is interested in hijacking a Horizons account. They want to hijack game accounts where they can steal money - WoW is a goldmine for these purposes.

    Many people getting hacked means a lot of people are simply computer illiterate. They do not distinguish between simple things. My father used to get caught for the spoof where a fishy site would present an image of a regular window with a message and an OK button. He could not distinguish that from a genuine Windows message. He kept clicking on it. I had to make him learn about it the hard way (if you move your mouse over the OK button and it looks like a hand pointing a finger upwards, DO NOT CLICK on it).





    Phishing is not the leading cause of breached accounts.

    It's via browers (mostly IE) and flash vulnerabilities to infect keyloggers or steal client data (stored browser passwords, etc) from the browser, made all the more easier for the fact that usernames are as simple as finding what e-mail address a person is, or has, used.

    It's not as simple as labeling victims of breached accounts as being ignorant, when there are so many security flaws that are out of the control of users, aside of course, from completely unplugging their PC from their modem. Sure there are things that can be done to mitigate some of the issues, but if a hacker discovers a new major windows or Flash exploit, there's little a user can even do to protect against it until the vulnerability is even detected and fixed by the proper authorities.





    How would a person get to the hacker's website in the first place? Flash vulnerability does not let you get hacked unless... again, you are browsing a hacker's website. If you stay away from those sites, you are fine. And you can't get to the hacker's sites unless:

    - you got a phishing email and u followed the link (read my previous post);

    - you were looking for hacks;

    - you were looking for powerleveling services;

    - you were looking for gold selling services;

    - you were looking for bad porn (there are so many normal porn sites, that finding hacker's website by searching for normal porn is highly improbable);

    So no, you can't just get hacked, it takes effort to get hacked. If you have average computer literacy you will easily identify 90-95% of the spoofs and never get hacked. Router vulnerabilities, browser vulnerabilities, all of that is offset by decent firewall and average brains. Its all about the user.





    Banner ads from third party Web advertisement companies.

    The "hackers" can submit their infected "advertisements" to web advertising companies, who then proliferate them into the ad rotation of WoW related websites that have banner ads for supplemented revenue.

    The vast majority of web advertising companies do not properly screen ads that they put into the advertising rotation. They will only act on removing certain ads that are identified as being security risks, and this is usually after they've been out in the wild and infected a number of people already to be noticed, and after the advertising company can confirm they're malicious.

    So basically, any website with third party banner ads is a potential avenue of becoming infected by malicious software...

    This includes sites like Wowhead, Thottbot, Curse gaming, even the WoW forums themselves have had the potential to be a point of infection -- they've inadvertantly had gold selling adverts pop up on the official WoW forums before. All are legitimate websites that a typical WoW player would visit, for legitimate reasons.

    So no, it's not purely the fault of users, because there is a decent portion of it outside of the control of the users. Users can only mitigate the chance of having their account breached, they cannot completely and 100% secure themselves.

    And for someone so adament about blaming victims for their ignorance and needing to become more informed about IT security... you certainly could use some brushing up on it yourself.





    You are stretching it buddy... now you are saying hackers are PAYING to hack other accounts... they expose themselves to be backtraced to their account and real identities... hmmm... not likely. And what does that mean i need to brush up on security? did you hack me? did you get through my hardware firewall? and then software firewall? oh my, i need to check my open ports (none) for established connections (firefox, winamp open, avast just closed a socket)... mmmm. Nah, my security is just fine, thanks for your concern. But keep bashing please, I wonder how many more crazy ideas you come up with.



    You really need to brush up on your security as a security expert 25 yrs in the field getting hacked by adverting banners is real not fake look at my post, it has happened many,many times what they do is pay someone to place the ads that have no affilation with the hackers.

    It is the most common vector to catch fake av's/rootkits-keyloggers/malware because it is on a web advertising ring it may reach as many as 20,000 websites.

    As a matter of fact it happening with the piratebay atm and 100's of other websites just past week i had 4 customers that had thier accounts hacked from keyloggers in advertising banners on facebook they had microsoft security essentials,threatfire,immunet installed.

     

    http://news.cnet.com/8301-27080_3-20002267-245.html

    http://www.wowwiki.com/Talk:Thorium_Brotherhood

    http://copyfight.corante.com/archives/2009/04/20/copyfight_is_everywhere.php

    I can post over 200 links to security websites with information about keyloggers in ads on curse gamaing,allakzam,wowmatrix and many more sites including the chicago tribune.

    http://www.maximumpc.com/article/home/adobe_plugs_six_critical_security_holes_flash_player

    http://www.adobe.com/support/security/bulletins/apsb10-16.html

Sign In or Register to comment.