account-theft
Latest
WoW account hackers sentenced to 2 years in Chinese prison
We've all been affected by account theft in some way. Maybe your account has never been hacked, but I'd be willing to bet a guild mate or friend has had to deal with this annoyance. Blizzard has a pretty smooth system in place to fix these things for the account holders, but it doesn't stop it from being profitable for the hackers involved. They still get their gold in the end. Would you wish prison time on these people? Last week, a group of 10 Chinese men were sentenced to prison for stealing from a total of 11,500 World of Warcraft accounts. The leader of the group, Chen, purchased hacked WoW accounts for $1 each and emptied them, selling the resulting gold for an average of $3 per account. Eventually one of Chen's accomplices left to start his own hacking "studio" to flip WoW accounts with several employees. A series of complaints led to an investigation and subsequent trial where Chen was found guilty, fined $8,000, and sentenced to 2 years in prison. The others involved were fined $1,000 and sentenced to just under 2 years in prison. Their $10,800 in profits and computer equipment used was also confiscated by the authorities.
League of Legends compromised; North American accounts and transactions accessed
Riot Games has just issued a letter to League of Legends players revealing that North American account information has been compromised by hackers. According to the message, usernames, email addresses, "salted password hashes," and real names were accessed. Riot insists that password information is unreadable but that players with easy-to-guess passwords might be at risk. Also accessed were hashed and salted credit card numbers from around 120,000 transactions made in 2011. Riot noted that the payment system in question has not been used since July of 2011 and that it is "taking appropriate action to notify and safeguard affected players." If your information was affected, you will receive an email from Riot. All North American players will be required to change their passwords "to stronger ones that are much harder to guess." In the meantime, keep an eye on your accounts for any suspicious activity.
Why Blizzard isn't opening a gold shop
Last year, Blizzard started an experiment with the Guardian Cub, a pet store purchase that could be bought and sold in game with gold as well, since it was Bind on Equip. At the time, a lot of WoW players (including us) saw this as an experimental foray into Blizzard finding ways to allow people to get extra gold using real life money without directly selling gold. In part, that was because Blizzard came right out and admitted that's what it was. Since that time, we've seen no new Blizzard Store purchases that were BoE in this fashion. Since then, we've heard a lot of complaints about botters who use hacked accounts to not only steal all the gold said account possesses, but also then use it as a farming bot for as long as they can keep hold of it. Some players are even suggesting that Blizzard should simply sell gold itself, cutting out the middleman and putting gold sellers out of business. Why isn't this a good idea?
Blizzard denies Diablo III authenticator hacking claims
We've been following the mass reports of hackers bypassing passwords and authenticators to rob Diablo III accounts blind, and now we have a new twist on the story. While Blizzard confirmed "an increase in reports of individual account compromises," the studio says it has no hard evidence that hackers have found a way to skirt around the authentication system. Community Manager Bashiok said that the company is taking the claims "extremely seriously" and is investigating the rash of account compromises. "Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password," he said. "While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand." Blizzard is assisting compromised customers by restoring stolen items and rolling back their accounts. The studio has a post up on its forums to help players protect their accounts and get assistance if theft occurs.
Guy steals friend's goods in APB, GM offers vigilante justice in return
Account theft and compromise are tragic facts of life in all MMOs, as player BlackJackieChan discovered the other day when he logged into APB: Reloaded and realized that he was wiped out. After posting a tirade on the forums, BlackJackieChan got the attention of a GM, who subsequently investigated the crime. His findings were stunning: BlackJackieChan's in-game friend beef43302 was the culprit. Beef43302 had crept into his friend's account, swiped a number of goods, and then deleted the temporary characters used for the theft. Beef43302 then tried to cover up his wrongdoing by consoling BlackJackieChan with a new car and encouraging him to stick with the game. Even though BlackJackieChan was accused of not protecting his account (apparently he had shown his password to his friend), GamersFirst restored the stolen items and then offered BlackJackieChan the chance to decide his friend's punishment. "Seeing as this is a relatively unique case," the GM wrote, "we shall let you decide the fate of beef43302." BlackJackieChan has yet to respond on the thread, but the GM did tell the offender that the company suspended his account "unless BlackJackieChan says otherwise."
Reminder: Watch out for Mists of Pandaria beta invite scams
Email notifications for the Mists of Pandaria beta have started arriving in people's inboxes -- and this means that we'll likely see an upswing in beta invite scams, as well. If you have received an email stating that you've been invited to participate in the Mists beta, be aware of the following: Don't click any link in the email. Blizzard will never ask you for your account information via email, nor will it usually provide any kind of link to click on. Do head to Battle.net. Type the URL into your browser (don't follow a search or email link) and use the secure login on that page to log into your account. If you have been invited for the first round of Mists beta, you will see your normal World of Warcraft: Cataclysm account listed under your game accounts -- and underneath that, you will see a listing for World of Warcraft: Mists of Pandaria Beta. If you do not see a link to the Mists of Pandaria beta under your game accounts, you are not in this round of testing, and the email you were sent was a fake. The same applies with beta keys as well. If you receive a notification with a beta key, do not click on any links in the email. Go to your Battle.net account as listed above, head to Manage My Games, choose Add or Upgrade a Game, and manually enter the beta key. If the beta key works, you're in; if it doesn't work, you may have been the recipient of a fake key. Remember, any time there is a beta or a trial period for a new game, there will usually be an upswing in attempts to nab accounts, too. Keep your account safe -- and if you made it in the beta, have fun! It's open warfare between Alliance and Horde in Mists of Pandaria, World of Warcraft's next expansion. Jump into five new levels with new talents and class mechanics, try the new monk class, and create a pandaren character to ally with either Horde or Alliance. Look for expansion basics in our Mists FAQ, or dig into our spring press event coverage for more details!
The Daily Grind: Are you in favor of developer-sanctioned RMT?
The Ottawa Citizen recently did a story on real money trading in MMOs, and it started some interesting conversation here on Massively. There are some who feel that the only way to truly eliminate the problem is to legalize it, so to speak -- cutting down on stolen accounts, shady deals, and ripped-off consumers by creating official channels for everything. Others argue that it won't help and that making real-world cash a part of the player economy is a terrible idea in general. It's a discussion that can be approached from plenty of different directions, so what say you? Should developers create official channels and be done with it, or keep working to eliminate it altogether? Every morning, the Massively bloggers probe the minds of their readers with deep, thought-provoking questions about that most serious of topics: massively online gaming. We crave your opinions, so grab your caffeinated beverage of choice and chime in on today's Daily Grind!
The Lawbringer: Account security and you
Pop law abounds in The Lawbringer, your weekly dose of WoW, the law, video games and the MMO genre. Running parallel to the games we love and enjoy is a world full of rules, regulations, pitfalls and traps. How about you hang out with us as we discuss some of the more esoteric aspects of the games we love to play? New players will soon be streaming into World of Warcraft come Cataclysm time, as well as old friends and enemies returning from prolonged sojourns. With these new or old accounts becoming active again, as well as a demand for grey market services increasing with a growing player base, account security is going to be on the tip of everyone's tongue again. For good reason, too. World of Warcraft has had one of the most daunting burdens of any MMO to date in dealing with account security, account hacking and a legal nightmare overseas.
Blizzard announces automated account recovery form for hacked accounts
World of Warcraft accounts have been under siege for years, with hackers and gold-selling outlets stealing passwords, items and more to fill their coffers, selling that gold to unwitting buyers. Blizzard has fought back incessantly over the years to stem the tide of gold farming and account hacking, and as you can imagine, the scale at which this happens is very tasking on its customer support department. Blizzard has just announced a new, speedier way to get help and answered about your hacked account, stolen items, authenticator issues and more! Now, under the new system, you will not have to email or call Blizzard to get these matters into its queue -- simply use the Account Recovery Form.
Adobe announces new Flash security vulnerability
On Sept. 13, Adobe Systems released a security advisory detailing a vulnerability in its Flash Player 10.1.82.76 for earlier versions of Windows, Mac, Linux and Solaris, and Adobe Flash Player 10.1.92.10 for Android. The vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and Unix and Adobe Acrobat 9.3.4 for earlier versions of Windows and Macintosh. The vulnerability allows remote attackers to cause a denial of service crash and execute a code to take control of your system by delivering this malicious code through a specially crafted PDF or Flash file. For WoW players, this can mean infection by keyloggers that could potentially steal your login information and compromise your account. Adobe Systems is working on a patch to stop this type of attack from being possible and plans to make it available the week of Sept. 27, with plans to update Adobe Reader 9.3.4 and Adobe Acrobat 9.3.4 the week of Oct. 4.
A cautionary tale of account security in Club Penguin
Many MMO gamers have children who are eager to jump into the online world but are unaware of the dangers that lurk there. While many kid-friendly MMOs have systems to guard children from unwelcome contact and identity theft, they still require the assistance of parents to teach their kids how to be safe in games. The Ancient Gaming Noob's Wilhelm recently shared a cautionary tale involving his daughter, Club Penguin, and a breach of account security. Even though she was cautioned not to share a list of details with anyone in game, all it took was the offer of a special item to get her to give up her account name and password to a stranger. This resulted in a headache, as the account was banned, and Wilhelm went back and forth with Club Penguin to re-establish his daughter's account and security. In the end, he found that Club Penguin's security was just as questionable as his daughter's judgment, and passed this story along to the rest of us in an effort to guard our own young ones from this unfortunate event. Considering that account security, personal identity and privacy are hot topics these days, we feel that this story is an eye-opener as to how far both game companies and families have to go to protect our loved ones from being exploited. You can read Wilhelm's full account over at The Ancient Gaming Noob.
New issues with Adobe Flash, Google search links could compromise your account
We have news of two new tricks hackers are currently using to steal WoW accounts. First, from Curse, comes news of a Google sponsored link that claims to lead to the popular addon manager Curse Client, but instead leads to a malware download. To be absolutely safe, you should always only download the client from http://www.curse.com/client. In addition, Blizzard is warning that Adobe Flash version 10.0.45.2 contains a critical vulnerability that could be used to install a keylogger on your computer in order to steal your WoW account info. You can avoid this issue by installing Adobe Flash version 10.1 Release Candidate 7, which does not appear to have the same vulnerabilities.
Real ID security concerns
Ever since the Real ID friend system was announced, players have voiced concerns about hackers and phishers exploiting this system. They're worried that hackers will move through a group of Real ID friends like a wildfire during a drought. While it is always good to have concerns about account security, sometimes paranoia is a bit too much. Yes, you do need your friend's email address to add them as a Real ID friend. However, that is the last time you'll ever see that email address in your game client -- once you hit the "Send Request" button, that's it. There is no way to look up that person's email address from the interface again. The only personal information in the client after that is your friend's name. Just remember that this system is meant for your real-life friends and family and not for some guy who was a good healer in your ICC PUG last week. If you don't know where to go to knock on the person's door if something happens to your account, then don't share your email address.
StarCraft II beta is live. Beware of scams!
People are getting actual StarCraft II beta invites, but that doesn't mean that all beta invites (or any other emails that look like they are from Blizzard) are real. If you got an email saying that you have been invited to StarCraft II: Wings of Liberty, don't click anything in that email. Instead take the following steps: Type battle.net into your browser (no typos) and it will go to the secure battle.net site appropriate to your region. Enter your account info. Under Manage My Games, choose Add or Upgrade a Game. Enter the Beta Key provided in the email where it says Enter Game Key. Press Add Game. If you are able to successfully add the game to your library, then you received a real beta invite. If the email tells you to go someplace else for the beta key or the key provided did not work, then you received a phishing email.
Confessions of a gold scammer and identity thief
digg_url = 'http://massively.joystiq.com/2010/01/19/confessions-of-a-gold-scammer-and-identity-thief/'; "We have met the enemy and he is us." The player identified as "Patrick" is not the malevolent monstrosity we'd like to see. Nor is he a victim of circumstance, at that. He acts for all the world like a perfectly normal gamer, and if you didn't know he'd scammed between $10,000 and $20,000 in a year of reprehensible behavior, you certainly wouldn't be able to guess. That's what makes a video interview with him, mirrored and annotated at PlayNoEvil and originally recorded by Marcus Eikenberry, so odd on many levels. The full interview lasts thiry-eight minutes, which makes it a bit long for casual viewing. The article which mirrors the video notes some of the highlights, including when he almost breathlessly exhorts the moment he realized that there was nothing in PayPal's EULA that prevented him from not transferring his EVE Online account to a purchaser on Craigslist. His rationalizing of the actions include the loss of his job and financial instability, even as he begins the interview explaining how he would scam players in both EVE Online and World of Warcraft for fun. His words are unsettling, but what makes them all the more eerie is the fact that without the foreknowledge... there's no way to tell his voice from any of ours. When you have the time, the whole interview is well worth looking at if you're at all interested in account security and the culture of scammers.
CEO of SecurePlay discusses account security
Anyone even slightly in touch with the MMO community is aware that account security has been an even bigger concern than usual for the past few months. While it's more in the forefront of everyone's mind these days, it's important to remember that this isn't a brand new problem. It's very important for people on both sides of a game -- both the player side and the development side -- to work to make player accounts as safe as possible. Steven Davis, CEO of SecurePlay and the mind behind PlayNoEvil, has been watching the events with interest and spent some time recently talking to us about his take on the situation as well as overall account security. Follow along after the jump and see what he had to say.
Anti-Aliased: Hax0red
Today was a beautiful morning. It was a morning filled with sunshine, chirping birds, and a good night's rest. I was up writing late last night, so it was nice to sleep in a little before getting a start on the day. Yet, all cozy naps must come to an end, as I had to get up to man my computer, check my e-mail, and get a start on today's work.As I booted up Mozilla Thunderbird and looked over the e-mails that were floating in my inbox (yesterday's MAG comments, Star Wars Galaxies comments, and some new screenshots for D&D Online) I saw one that kinda stuck out. It was from Blizzard Entertainment Support, and it was a password change notification from Battle.net. At first I chuckled, thinking it was some type of spammer who was trying to get me to give up my password, but on looking through the letter, I noticed it was authentic Blizzard material.That's when my phone rang. It was one of my guildmate's numbers flashing on the screen. Those birds stopped chirping after that booming string of profanities escaped my mouth.
The Queue: Nuts and bolts
Oh boy. Most of us are the walking dead after BlizzCon, but let's get back to something resembling normalcy with a Queue. We're going to start off today with an important matter concerning authenticators and account security, then move on to a bit of WoW.com business and Onyxia. I'd also like to direct attention to two really good comments from the last column re: technical issues, Shadow's and Logarth's.Zerounit asks... I recently got an Authenticator in the mail and I noticed something while I was inspecting it: there appears to be no way to open it short of cracking it open with large objects. Is there a battery life on these? If it stops giving me my magic codes, will I have to get a new one? I got an authenticator for my own use recently and have to admit I hadn't thought to look into the battery life, which is a very good question indeed. A dead authenticator means you have no way of getting into the game (or even into your online account) without official help from Blizzard. Turns out the little security doodads are manufactured by a company named Vasco, and after poking around their website, I'm reasonably certain that Blizzard authenticators are a variant of Vasco's DIGIPASS GO 6 model. What makes me so sure? The GO 6 model page is the only one accompanied by an article on fraud and hacking in online gaming. They don't come right out and say that Blizzard is a customer, but unless Hello Kitty Online is a bigger hive of scum and villainy than even we gave it credit for, you don't have to be a genius to figure out that World of Warcraft figures prominently in MMORPG account theft.
WoW Rookie: Keeping your account safe and sound
New around here? WoW Rookie points WoW's newest players to the resources they need to get acclimated. Send us a note to suggest a WoW Rookie topic.It doesn't take keyboard gymnastics to prevent your account from getting hacked. As a new player, you're bound to be concerned – and if you do any digging at all, you're also bound to uncover a tangle of acerbic, rather arcane-sounding comments (many of them on posts right here at WoW Insider) about what operating systems, browsers and browser add-ons are most secure.You really don't have to change your entire computer system simply to keep your WoW account safe. This week, WoW Rookie rounds up a selection of WoW Insider posts that show you how (and why) to keep your WoW account from being hacked and prevent your computer from spilling its beans to the world at large.
Lame scams still profitable in Guild Wars, over 1000 bans every week
Would you fall for this? (Please say 'no'...): A complete stranger approaches you on the sidewalk outside of your bank and shows you a rare coin he says is worth twenty thousand dollars. "I want to just give this coin to you," he says, "but I don't want anyone to know we did this... tax issues, you see." The stranger suggests putting it in your safe deposit box, but because he's so concerned about privacy, he wants access to your safe deposit box to be sure the rare coin gets there, with no one the wiser. The problem is that he can only get in there with your express permission...We're guessing 99.99% of you would never get suckered by something asinine like this, but why then do people fall for the exact same thing in the virtual realm? Specifically, it seems that Guild Wars players regularly turn over their login info to account thieves in hopes of getting something for nothing, as mentioned by Ravious over at Kill Ten Rats. This ultimately leads to a continuous deluge of stolen accounts, tears, and rage.
