account-compromises
Latest
The day Fox's account got hacked -- and how you can learn from his mistakes
Ladies and gentlemen, hello. My name is Fox Van Allen. I've been playing World of Warcraft for nearly four years. And despite all I know and all my warnings I've given you, the reader, it still happened. Last week, I, Fox Van Allen, had my account hacked. The first question I'm inevitably asked is, "You? What excuse do you have to not have an authenticator?" Well, truth is, I do have an authenticator. I use my iPhone. But one day a few weeks ago, that ever-changing number display just somehow fell out of sync with what WoW was expecting me to enter. Trying to re-sync did nothing. To get back into my account, I had to have the folks at Blizzard take my authenticator off the account. And that's how it happened. I foolishly forgot to reattach it right away -- I really haven't played a heck of a lot of World of Warcraft on account of my move to Los Angeles. It just wasn't on my mental list of things to do. And wouldn't you know it, barely a week after I had my authenticator disconnected from my account, I started getting emails from Blizzard. Not the usual spam, but legit receipts. Receipts for $105 worth of server transfers and faction changes that I didn't authorize. That's when the pit of my stomach gave way. I knew immediately the emails were legit. And if the emails were legit, then I had to have been hacked. It's one of the worst feelings in the world.
You cannot get hacked by playing public games in Diablo 3
After years of keyloggers and trojans from unsafe browsing, unsecured computers, or just plain bad luck, WoW players should be pretty used to the concept of a compromised account and how said compromises happen. Unfortunately, Diablo III players don't appear to be as familiar with them, which has resulted in some pretty maddening discourse on the official forums and across the internet. Just like WoW accounts, Diablo III accounts are worth real money. Blizzard has had experience dealing with compromised accounts for years. This is why it introduced the Battle.net Authenticator, a second level of security that makes it very, very difficult to get your account compromised. Authenticators don't make it impossible to get your account compromised, but they do make compromising your account much more trouble than it's worth in the face of mass keylogging, which is how accounts are normally stolen. Some people who haven't had a WoW account before but bought Diablo III were undoubtedly surprised when their accounts were compromised, which is understandable. An editor at Eurogamer had his account hacked and responded with an article suggesting that players were getting their sessions hijacked by joining public games and that people were getting compromised with this method even with authenticators attached to their account. Unfortunately, sites all over the internet picked up the story and also reported the session hijacks and bypassed authenticators as fact. The problem is that neither of those things were correct. In fact, Blizzard says it's actually impossible to do with Diablo III due to the way the infrastructure is set up.
Blizzard denies Diablo III authenticator hacking claims
We've been following the mass reports of hackers bypassing passwords and authenticators to rob Diablo III accounts blind, and now we have a new twist on the story. While Blizzard confirmed "an increase in reports of individual account compromises," the studio says it has no hard evidence that hackers have found a way to skirt around the authentication system. Community Manager Bashiok said that the company is taking the claims "extremely seriously" and is investigating the rash of account compromises. "Despite the claims and theories being made, we have yet to find any situations in which a person's account was not compromised through traditional means of someone else logging into their account through the use of their password," he said. "While the authenticator isn't a 100% guarantee of account security, we have yet to investigate a compromise report in which an authenticator was attached beforehand." Blizzard is assisting compromised customers by restoring stolen items and rolling back their accounts. The studio has a post up on its forums to help players protect their accounts and get assistance if theft occurs.
Blizzard posts new account security guide
Make no mistake: it really sucks when your WoW account gets compromised. Even with the speed with which compromises are handled by the support department nowadays, it's still a pain to have to wait to get your stuff back -- and it's even worse to know that someone was in there mucking around with your dudes, you know? Blizzard's been better about helping people with account security problems recently, like giving out free authenticators to some hacked accounts and offering a free phone-in authenticator service, but in the end, a lot of the responsibility falls on you the player to keep your account secure. To that end, Blizzard has assembled a new account security guide. It's a pretty comprehensive list of the steps you can take to secure your account, from getting an authenticator to learning how to recognize phishing emails to making sure that your computer itself is secured through the use of antivirus software. Learn it, live it, love it. In account security, as in Planeteering, the power is yours.
